Security and Compliance Inheritance
Architected to be the most secure cloud infrastructure, AWS has the most proven operational experience of any cloud provider. With this highly trusted, secure-by-design cloud infrastructure, Xdata inherits the most comprehensive compliance controls from AWS, with 143 security standards and compliance certifications, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
Protect your data with Xdata secured architecture
Terminology
- Xdata Customer Service Account: the management account for the workload account.
- Workload account: the main data account.
Security Feature Matrix
Network access
- Option to deploy into a VPC/VNet that you manage and secure. By default there are no inbound network connections to the Data platform.
- Private access (or private link) from users or clients to the Xdata control center UI and APIs.
- Private-only network mode: the control center and Data platform have no outbound internet connections and are accessible only from customer networks.
User and group administration
- Use AWS identity management for seamless integration with AWS resources.
- Single Sign-On with identity provider integration (you can enable MFA via the identity provider). Supported identity providers: Active Directory, Azure AD, Keycloak and any OIDC 1.0 identity provider.
- Service principals or service accounts to manage application identities for automation.
- User account locking to temporarily disable a user’s access to Xdata.
Access management
- Fine-grained permission-based access control to all Xdata resources (connection config, ETL job scripts, dashboards…), following Attribute-Based Access Control (ABAC) frameworks.
- Segment users, workloads, and data with different security profiles in multiple workspaces.
Data security
- Encryption of workload account data at rest.
- Customer-managed key encryption available.
- Encryption in transit of all communications between the Workload Account and Xdata Customer Service.
- Fine-grained data security and PII protection with masking and encryption.
- Full control over data outflow limits for users.
Data governance
- Fine-grained data governance with Open Metadata Standard.
- Centralized metadata and user management.
- Metadata versioning to keep track of every change to data assets, from manual changes by users to automated changes by systems.
- Centralized data access controls with Lake Formation Integrations.
- Data lineage with Xdata Metadata.
- Data access auditing via native CloudTrail and Xdata Metadata.
- Secure data sharing with Lake Formation Sharing Integration.
Workload security
- Git integration to provide code versioning.
- Built-in secret management to avoid hardcoding credentials in code.
- Native AWS machine image with basic hardening from AWS.
- Enhanced hardening with security monitoring and vulnerability reports for Xdata machine images.
Auditing and logging
- Configurable and comprehensive user activity audit logging.
- SQL command logging for interactive queries.
- Data processing job logging.
- Native AWS activity logging with CloudTrail.