Skip to main content
Products
Databend Security Design
Databend Cloud logo
VS
Comparisons between Databend Cloud and Snowflake
Products
Databend Cloud logo
Databend Cloud
Fully-Managed on Cloud
Databend LOGO
Databend Enterprise
Self-Hosted with Additional Enterprise Features
Databend LOGO
Databend Community
Self-Hosted & Free
PricingUse Cases
Resources
Resources
Documentation
Blog
Downloads
Community
Community
Help build Databend by contributing to our open-source community.
How to Contribute
Learn how to contribute to Databend
Developer Guide
Connect your applications to Databend
JOIN THE COMMUNITY
Book a DemoSign In
Security

Databend Security Design

Secutity
|
Encryption
|
Complicance

Security

Role Based Access Control (RBAC) + Discretionary Access Control (DAC)

Databend incorporates both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) models for its access control functionality.

Masking Policy

A masking policy refers to rules and settings that control the display or access to sensitive data in a way that safeguards confidentiality while allowing authorized users to interact with the data.

Network Policy

Network policy in Databend is a configuration mechanism designed to manage and enforce network access control for users within the system. It allows you to define sets of rules governing the allowed and blocked IP address ranges for specific users, effectively controlling their network-level access.

Password Policy

Databend includes a password policy to strengthen system security and make user account management smoother. This policy sets rules for creating or changing passwords, covering aspects like length, types of characters, age restrictions, retry limits, lockout durations, and password history.

AWS PrivateLink

PrivateLink provides enhanced network security by connecting to databend cloud cluster over VPC peering. Customers can initiate the connection to the desired service using a VPC endpoint, which can be further configured with security groups to create trust boundaries and control access to the endpoint. Currently, this feature is only available on AWS.

Encryption

TLS 1.2

We provide end-to-end encryption for all communication. All customer data-flow are solely over HTTPS. Connections encrypted using TLS 1.2 from clients through to the Databend API gateway.

Storage Encryption

Databend Enterprise supports server-side encryption in OSS. This feature enables you to enhance data security and privacy by activating server-side encryption for data stored in OSS. You can choose the encryption method that best suits your needs.

Complicance

SOC 2 Type II

An independent third-party has thoroughly conducted a SOC 2 Type II assessment, affirming the robustness and effectiveness of our operational controls. Emphasizing our commitment to security and excellence, we continuously monitor and enhance our operational controls and defenses against vulnerabilities. Our dedicated team ensures these standards are upheld without compromise. We are scheduled to receive the next audit report by October 2024.

GDPR

Our GDPR compliance hinges on strict data privacy enforcement, robust encryption, and regular privacy audits to shield personal data from unauthorized access. We enforce stringent access controls, permitting only a select group of trained security personnel to access and monitor our infrastructure and operational logs, ensuring the highest levels of data protection and compliance.

401 RYLAND ST. STE 200-A, Reno, NV 89502, USA
© 2024 Databend Cloud. All Rights Reserved.
Terms of UsePrivacy Policy

Products

Resources

Community

Company