Security Policy

This security guide describes SQream’s security features and best practices so that SQream customers can understand how to secure their data and prevent unauthorized access, while also ensuring compliance with relevant regulations and industry standards. Organizations’ data teams can use these features and capabilities to strengthen their SQream environment according to their security policy and get peace of mind knowing their data is protected and secure.

Authentication and Access Control

Password and User Authentication

As part of our compliance with GDPR standards, SQream relies on a strong password policy for locally authenticated users accessing the Acceleration Studio or the CLI. Access is also protected by a brute-force attack prevention mechanism, which blocks users after consecutive failed login attempts. For more information regarding the specific requirements, check our documentation.

Across SQream’s product lines, we provide a secure and streamlined authentication process when integrating with industry-standard authentication methods:

  • SQreamDB on-premise deployment supports LDAP (Lightweight Directory Access Protocol), so customers who manage their users centrally through Active Directory can use their company’s authentication credentials when connecting. 
  • SQream Blue public cloud deployment supports Auth0, so customers can use authentication credentials from their cloud identity provider (IdP; currently only Google) when connecting.

Role-Based Access Control (RBAC)

SQream allows for the implementation of granular privileges, which define a user’s access and available actions for specific objects (Database, Schema, Table, Function). RBAC enables admins to grant and revoke different privileges for different roles using SQream Acceleration Studio or SQream CLI. For more information, check out our documentation.

Data Encryption

Data in Transit – Transport Layer Security (TLS)

To encrypt all traffic in and out of SQream, users can manually configure TLS when setting up one of our industry-known connectors (such as ODBC and JDBC). TLS is applicable for all external connectivity when reading and writing data. For more information, check out our documentation.

Data at Rest – Column level

To store sensitive data securely, it is vital to ensure that data is encrypted at rest while remaining available for processing by permitted users. SQreamDB on-premise deployment provides the ability to encrypt and decrypt Personally Identifiable Information (PII) at the column level, thus preventing unauthorized users from accessing it. For more information, check out our documentation.

As SQream Blue public cloud deployment doesn’t store data internally, it relies on Google Cloud Storage’s built-in encryption capabilities.

Privacy and Security Regulations Compliance 

SQream is currently working to put in place the controls and enhancements to meet the compliance needs of both the General Data Protection Regulation (GDPR) and SOC-2 Type II. Some aspects of this compliance include cost-efficient data deletion and ensuring SQream’s products are being developed using audited processes and controls. SQream is aiming to achieve full compliance by the end of 2023 and simultaneously address ISO/IEC 27001 compliance as a part of our roadmap.  

Business Continuity

An organization’s ability to maintain essential functions during and after a security disruption is crucial. SQream is working persistently to implement a set of functions that will allow business continuity for its customers. With high availability for our Metadata Server, users will be able to recover this service within a few minutes of a disruption, once it’s reconnected to the backup storage. SQream is aiming to complete these features as a part of our roadmap by the end of 2023.