Cluvio is a software-as-a-service platform for data analytics.
This document outlines the security architecture of Cluvio as well as topics related to the security of database connections and your data.
The Cluvio platform is deployed and runs on Amazon Web Services in the eu-central-1 region of AWS, located in Frankfurt, Germany. Cluvio uses third-party services such as Recurly (billing), Elev.io (in-app help), Sendgrid (email), PaperTrail (logging), PagerDuty (alerting) and Sentry, Pingdom and NewRelic (monitoring).
Cluvio applies a set of best practices that ensure system security and data privacy:
Here is a basic overview of the Cluvio architecture as it relates to the end user, Cluvio backend services and connection to a customer’s data source:
To run the queries that power the analytical reports, Cluvio needs access to your database or data warehouse. Cluvio supports all the best-practice approaches (which evolved over the last 10 years of growing use and acceptance of cloud BI tools) to establishing this access securely. This applies both to connections to cloud-hosted databases (AWS RDS, Redshift, Google BigQuery, Microsoft Azure) and to databases installed on your own servers at a cloud provider or on your own hardware behind a firewall.
The following approaches are used:
More details can be found in the Cluvio Documentation.
Cluvio analytics is SQL-based; the only operations Cluvio performs on your database are specific SQL queries that read database metadata and the user-entered SQL queries that fetch the data powering the analytical reports.
The results of the database schema queries are stored as metadata on the data source for as long as the data source and account exist.
The results of report query executions are stored in an in-memory cache in the Cluvio backend for up to 24 hours. After 24 hours, this data is automatically purged and no copies of it are retained.
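The 24-hour retention rule described above can be illustrated with a small result cache that never serves an entry past its TTL and periodically purges expired entries. This is an added example written for this page, not Cluvio's own code; the class name, the injectable clock and the sample rows are constructed for illustration, and only the 24-hour limit comes from the text.

```python
import time
from typing import Any, Callable, Dict, Optional, Tuple

RESULT_TTL_SECONDS = 24 * 3600  # the retention limit stated on the page


class ResultCache:
    """In-memory cache that refuses to serve, and actively purges, entries older than the TTL.

    Each query result is held only with its insertion timestamp; nothing is written
    anywhere else, so dropping the entry removes the last copy.
    """

    def __init__(self, ttl: int = RESULT_TTL_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl
        self._clock = clock  # injectable clock so expiry can be tested without waiting
        self._entries: Dict[str, Tuple[float, Any]] = {}

    def put(self, query_id: str, rows: Any) -> None:
        """Store rows for a query together with the time they were cached."""
        self._entries[query_id] = (self._clock(), rows)

    def get(self, query_id: str) -> Optional[Any]:
        """Return cached rows, or None if absent or expired (expired entries are dropped)."""
        entry = self._entries.get(query_id)
        if entry is None:
            return None
        stored_at, rows = entry
        if self._clock() - stored_at >= self._ttl:
            del self._entries[query_id]  # stale: remove rather than return old data
            return None
        return rows

    def purge_expired(self) -> int:
        """Remove every entry past its TTL; returns the number dropped. Run periodically."""
        now = self._clock()
        expired = [k for k, (t, _) in self._entries.items() if now - t >= self._ttl]
        for key in expired:
            del self._entries[key]
        return len(expired)

    def __len__(self) -> int:
        return len(self._entries)


if __name__ == "__main__":
    # Constructed sample rows; a fake clock lets us jump forward 24 hours instantly.
    fake_now = [0.0]
    cache = ResultCache(clock=lambda: fake_now[0])
    cache.put("report-42", [(1, "north", 120.0), (2, "south", 95.5)])
    print("fresh:", cache.get("report-42"))
    fake_now[0] = RESULT_TTL_SECONDS
    print("after 24h:", cache.get("report-42"), "entries left:", len(cache))
```

The check on read plus the periodic purge together give the property the page promises: a result can neither be read back after 24 hours nor linger in memory once a sweep has run.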
The queries that Cluvio performs against your database are:
Any data that is related to your account or results from one of the analytical queries is protected both in transit and at rest.
In-transit security refers to the security of data as it is transmitted between the Cluvio services and the end user's computer. All Cluvio communication is performed over HTTPS/TLS for both HTTP and WebSocket traffic. The Cluvio API is never served over a plain unencrypted HTTP connection, other than a redirect that lets clients switch to HTTPS.
All API operations that contain account information or data need to be authenticated.
Cluvio stores all account/user data in a database that is encrypted at rest, and all backups of the data are encrypted. User passwords are stored as salted one-way hashes using a best-practice algorithm; they are not encrypted and cannot be recovered from the stored value. Database connection passwords and authorization strings are stored encrypted using a 256-bit key.
All Cluvio APIs that provide read and/or write access to the account data are authenticated and require authorization via user email and password.
The result of user authentication is a session with time-limited validity and an access token that authorizes API access.
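One way to implement a time-limited session token, as an added example written for this page rather than Cluvio's own scheme: the server signs a small claims payload (user, issued-at, expiry) with an HMAC key it alone holds, and every API call is accepted only if the signature verifies and the expiry has not passed. The token format, the 8-hour lifetime and the secret handling are assumptions; the page states only that sessions are time-limited and carry an access token.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed server-side secret for this example; a real service would load it from a
# secrets manager. The lifetime is assumed; the page does not state Cluvio's value.
SERVER_SECRET = os.urandom(32)
SESSION_TTL_SECONDS = 8 * 3600


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, *, secret: bytes = SERVER_SECRET,
                now: Optional[float] = None, ttl: int = SESSION_TTL_SECONDS) -> str:
    """Create 'payload.tag' where tag = HMAC-SHA256(secret, payload)."""
    issued = int(time.time() if now is None else now)
    claims = {"sub": user_id, "iat": issued, "exp": issued + ttl}
    payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def validate_token(token: str, *, secret: bytes = SERVER_SECRET,
                   now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    # Check the signature before trusting any field of the payload, in constant time.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    current = time.time() if now is None else now
    if current >= claims["exp"]:
        return None  # session lifetime exceeded: client must authenticate again
    return claims


if __name__ == "__main__":
    token = issue_token("user-1")
    print("token:", token)
    print("valid now:", validate_token(token))
    print("valid after 9h:", validate_token(token, now=time.time() + 9 * 3600))
```

Verifying the signature before reading the expiry matters: a client cannot extend its own session by editing the `exp` field, because any change to the payload invalidates the tag.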
The following measures are implemented to prevent abuse:
Cluvio audits all changes a user makes to the organization's account. This includes logging in and out (with IP address), running queries, creating reports, dashboards or any other objects, and changing or deleting any objects.
The audit logs will be exposed to account admins at a later stage, once this feature is implemented as part of the Cluvio admin section.
Cluvio employs a wide range of monitoring services that guarantee the uptime of the Cluvio platform and allow us to respond quickly to any operational problems.
The summary of the Cluvio platform status, as well as historical incidents, can be viewed at any time at http://status.cluvio.com
Cluvio never stores results of your analytical queries other than the in-memory results cache (kept for up to 24 hours and purged automatically afterwards).
Account data is stored as part of a database backup in encrypted form. The backups are kept for a limited time (generally 30 days).
All data copies are handled by native Amazon AWS functions. Amazon AWS follows NIST SP 800-88 (Guidelines for Media Sanitization) or DoD 5220.22-M, under which all physical storage devices are destroyed on Amazon premises and no storage device leaves them.
A detailed description can be found in the AWS Security Whitepaper, page 8, paragraph "Storage Device Decommissioning".
Amazon AWS holds some of the most demanding certifications, namely:
For a full, up-to-date list of certifications and compliance audit reports see https://aws.amazon.com/compliance.
If you are a security expert or researcher and you believe that you have found a security issue in Cluvio, we encourage you to notify us at firstname.lastname@example.org.
Please make a good faith effort to protect our users' privacy and data.
We look forward to working with you to resolve the issue as soon as possible and will award bug bounties if applicable.