This security guide describes SQream’s security features and best practices for SQream customers to understand how to secure their data and prevent unauthorized access, while also ensuring compliance with relevant regulations and industry standards. Organizations’ data teams can use these features and capabilities to strengthen their SQream environment according to their security policy and get peace of mind knowing their data is protected and secure.
As part of our compliance with GDPR standards, SQream relies on a strong password policy when authenticating users locally for access to the Acceleration Studio or the CLI. Access is also protected by a brute-force attack prevention mechanism that blocks users after consecutive failed login attempts. For more information regarding the specific requirements, check our documentation.
Across SQream’s product lines, we provide a secure and streamlined authentication process when integrating with industry-standard authentication methods:
SQream allows for the implementation of granular-level privileges, which define a user’s access privileges and available actions for specific objects (Database, Schema, Table, Function). Role-based access control (RBAC) enables admins to grant and revoke different privileges for different roles using SQream Acceleration Studio or SQream CLI. For more information, check out our documentation.
To encrypt all traffic in and out of SQream, users can manually configure TLS when setting up one of our industry-known connectors (such as ODBC and JDBC). TLS is applicable for all external connectivity when reading and writing data. For more information, check out our documentation.
To store sensitive data securely, it is vital to ensure that data is encrypted at rest while remaining available for processing by permitted users. SQreamDB on-premise deployment provides the ability to encrypt and decrypt Personally Identifiable Information (PII) at the column level, thus preventing unauthorized users from accessing it. For more information, check out our documentation.
As SQream Blue public cloud deployment doesn’t store data internally, it leans on Google Cloud Storage’s built-in encryption capabilities.
SQream is currently working to put in place the controls and enhancements to meet the compliance needs of both the General Data Protection Regulation (GDPR) and SOC-2 Type II. Some aspects of this compliance include cost-efficient data deletion and ensuring SQream’s products are being developed using audited processes and controls. SQream is aiming to achieve full compliance by the end of 2023 and simultaneously address ISO/IEC 27001 compliance as a part of our roadmap.
An organization’s ability to maintain essential functions during and after a security disruption is crucial. SQream is working persistently to implement a set of functions that will allow business continuity for its customers. With a highly available Metadata Server, users will be able, in case of a disruption, to recover this service within a few minutes once it is reconnected to the backup storage. SQream is aiming to complete those features as a part of our roadmap by the end of 2023.