Physical

AWS and Azure data centers are frequently audited and comply with a comprehensive set of frameworks including ISO 27001, SOC 1, SOC 2, SOC 3, PCI DSS.

Additionally, AWS and Azure physical data centers are located in non-disclosed locations and have stringent physical access controls in place to ensure that no unauthorized access is permitted, including biometric access controls and twenty-four hour security guards and video surveillance.

Infrastructure

• Access Control: Control over inbound and outbound traffic leveraging security groups (AWS) and network security groups (Azure).
• Logging and Monitoring: Comprehensive logging and monitoring for security events.

Host

• Hardening: All hosts run a current release of Ubuntu (Data Plane) or CoreOS (Control Plane). Operating systems are hardened according to industry best practices.
• Scanning: Hosts are scanned monthly for vulnerabilities.
• Patching and Updates: Hosts are patched periodically for security updates and critical patch fixes.

Application

• Secure System Development Life Cycle (SDLC): Adhere to security processes and checks that are an integral part of development.
• Security QA and Penetration Testing: Rid the platform of security defects with rigorous security and pen testing.
• Developer Security Training: Educate developers on security principals essential for their role.
• Threat Modeling: Assess major risks to design and implement preventative security controls.
• End User Security: Databricks provides the following capabilities natively in the platform:
• Single Sign-On (SSO): Authenticate users with your existing provider using SAML 2.0. Databricks supports: Okta, Google for Work, OneLogin, Ping Identity, Microsoft Windows Active Directory.
• Role-based Access Controls: Apply access control policies leveraging Databricks Cluster AWS IAM and Microsoft Active Directory roles, notebook ACL, workspace ACL, jobs ACL, cluster ACL, and library ACL.
• Audit Logs: Provides insight into events within your deployment.

Data

• Data Encryption: We use the latest version of TLS and strong encryption from AWS KMS and Azure Key Vault.
• Access Controls: Fine-grained access control to notebooks, workspaces, jobs, and clusters.
• Databricks Access: Automated control over Databricks access to customer data.
• Data Governance: Customer data is persisted in designated AWS and Azure regions.
• Backups: Automated scheduled backups of metadata and systems every 24 hours.
• Retention and Deletion: Adherence to strict data retention policies in compliance customer requirements.