Security

System and Application Security

• Private network for applications and data

• Host Intrusion detection and File Integrity Monitoring software

• Rigorous change management and Software Development Lifecycle

• Annual penetration test and code analysis by third-party security firm

• Regular application of operating system and software library security patches

Access Control

• Support for Single Sign On and user provisioning through SAML

• Role based access controls (RBAC)

• Least-privilege authorization between application services and database

• Temporary credentials for all system access

Data Protection

• All data is encrypted while in transit on public networks and at rest

• Regular rotation of encryption and authentication keys

• Multiple secure, encrypted backups in geographically distributed data centers

Operations

• 24/7 staff on-call for incident management

• Any service impacting event is communicated through status.data.world. Additionally, data.world members may get support at help.data.world