Data Security
As we embrace cloud services, the safety of our/yours data has become a top priority. This concern not only relates to the regulatory compliance of enterprise data services, but more crucially, to the protection of vital business data. Recognizing this, ClickPipes was designed with security at its core
From architectural design, technical implementation, and operational procedures, strict safeguards have been put in place, ensuring a safe and secure user experience
Reliable Infrastructure
Secure Operational Environment: ClickPipes Cloud utilizes Microsoft Azure as its preferred deployment platform. All core components operate within a Virtual Private Cloud (VPC), isolated from the public internet. Rigorous firewall controls further secure both inbound and outbound traffic, ensuring heightened data security
Flexible Deployment Options: In the ClickPipes Cloud technical framework, the Mirror Engine plays a pivotal role, primarily handling data synchronization tasks. Users are offered the convenience of one-click deployment of the Mirror Engine on platforms like AWS, Azure, and GCP, reducing external vulnerabilities and guaranteeing robust security
What is the role of Mirror Engine?
Systematic Security Design
Account Access Control
Multiple layers of security checks are employed, including login frequency, geographical location, and device type. Any unconventional login attempts will trigger an alarm. To further strengthen data security, ClickPipes Cloud has introduced a two-step verification process for critical operations on data sources and tasks.
Role-Based Access
A comprehensive and adaptable permission management system has been established, based on users and roles. This ensures that only authorized individuals within the organization can access the data. Standard user roles, such as administrators, operation staff, data analysts, and data engineers, are pre-defined. Custom roles can also be created, allowing specific resource permissions to be assigned, ensuring optimal data protection.
User Activity Audit
A robust user activity log and audit system have been implemented. All user operations are meticulously recorded, providing the ability to review past actions and enhance transparency, as well as identifying potential threats.
End-to-End Encryption
At ClickPipes Cloud, data protection is paramount. We have implemented end-to-end encryption to comprehensively safeguard your data sources and task configurations. This ensures that only authorized users can access and modify the data, effectively eliminating breach risks.
Data Masking Display
Sensitive details, whether usernames, passwords, authentication data, or database addresses, undergo a masking process in ClickPipes Cloud. No matter the interface, whether it's input fields, monitoring pages, dashboards, or logs, sensitive details are never fully displayed, ensuring the utmost protection of privacy.
Moreover, administrators have the prerogative to tag certain fields as sensitive. Once configured, these fields will remain inaccessible across all interfaces. This includes data preview, data exploration, and log displays. To enhance security, any modifications to sensitive fields require administrator rights and a two-step verification process. All related actions are documented in immutable audit logs.
Comprehensive Data Protection
To guarantee utmost protection at every step, ClickPipes Cloud employs several crucial measures:
Data Storage and Cleaning
Clear guidelines have been established for the usage and retention of user data. Temporary data, encrypted using the AES algorithm, is purged according to established rules, ensuring optimal protection in various scenarios:
- Only necessary table schema data is retained during model loading and inference. Once the data source is deleted, this information is promptly purged.
- In case of task anomalies, related error logs are made available for review. However, these logs are permanently deleted after the task's removal or at the maximum of 7 days.
- During data previews, certain data temporarily passes through the computation engine but is immediately discarded upon preview completion.
Data Source Security Measures
- All database and API credentials you provide are encrypted stringently. Apart from the application, no one has access to these details
- Support for SSL or SSH tunnel encrypted connections to data sources, safeguarding data connectivity and transmission
- Both fully managed and semi-managed Mirror Engine deployment modes are available to meet diverse data transfer requirements:
- Semi-Managed: All of your data, whether in its raw form or has been processed, is stored and managed within your private environment exclusively. The Mirror Engine is deployed in your own private network, handling data orchestration and processing tasks in-house, ensuring that no data ever leaves your network perimeter. This deployment model is ideal for organizations with strict data sovereignty requirements or those working with highly sensitive data that must remain within specific geographic or network boundaries.
- Fully Managed: During any task execution, your data only travels between the source database, the Mirror Engine, and the destination database. At no point will data be uploaded to ClickPipes Cloud. The Mirror Engine provides a securely managed external service address, allowing you to bolster security measures through database whitelists or specific firewall rules.
Account Password Security Policies
ClickPipes Cloud employs industry-standard one-way hashing to store user credentials. Each user's data utilizes a unique hash key, which is stored separately, ensuring that all data operations are thoroughly audited to prevent potential breaches.
Data Transfer and Processing Safety
By default, ClickPipes Cloud's data processing bypasses third-party components. Except for reading and writing data sources, all operations occur in-memory. When the database log cache feature is activated, some source database events are encrypted and stored locally in the Mirror Engine's directory. At no point is this data transferred to any location other than the target database.
Rigorous Operational Standards
To ensure every operational facet meets the highest security standards, ClickPipes Cloud has adopted the following rigorous measures:
Operational Auditing
To maximize data security, ClickPipes Cloud keeps real-time logs and monitors all internal operations related to user data. The development team adheres to strict procedural and permission guidelines, ensuring detailed logging of any interaction with user data. Furthermore, all communications with customers, whether via email or online chat, are secured using robust password policies, two-factor authentication, and undergo stringent security reviews by ClickPipes Cloud's internal teams.
Compliance with Security Standards
ClickPipes Cloud remains steadfast in its commitment to adhere to all relevant laws, regulations, and standards, ensuring the services rendered always uphold the highest security benchmarks.
Code Security Review
Every feature of ClickPipes Cloud undergoes rigorous vulnerability checks. Automated tools are employed to guarantee a zero-vulnerability standard, forming the cornerstone of product releases and ensuring the utmost code security.
Facing the evolving threats and challenges of the digital realm, ClickPipes Cloud's security team remains ever-vigilant, consistently monitoring, assessing, and enhancing security protocols. We're dedicated to providing a trusted and secure data integration and management platform, ensuring your full confidence in ClickPipes Cloud's services.