Cluvio Security & Privacy Overview

Architecture and Hosting


Cluvio is a software-as-a-service platform for data analytics.
This document outlines the security architecture of Cluvio as well as topics related to the security of database connections and your data.

The Cluvio platform is deployed and runs on Amazon Web Services in the eu-central-1 region of AWS, located in Frankfurt, Germany. Cluvio utilizes 3rd-party services such as Recurly (billing), Elev.io (in-app help), Sendgrid (email), PaperTrail (logging), PagerDuty (alerting), and Sentry, Pingdom and NewRelic (monitoring).

Cluvio leverages a set of best practices that guarantee system security and data privacy:

  • Share-nothing/stateless approach to services
  • Multi-layered approach to system security and system/data access
  • Strong encryption of data in transit and at rest
  • Auditing of all operations; every change can be attributed to a user account
  • Continuous monitoring both from inside and outside

Here is a basic overview of the Cluvio architecture as it relates to the end user, Cluvio backend services and connection to a customer’s data source:

[Architecture diagram]

Database connection security


To be able to run the queries that power the analytical reports, Cluvio needs access to your database or data warehouse. Cluvio supports all the best-practice approaches (which evolved over the last 10 years of growing use and acceptance of cloud BI tools) to establishing this access securely. This applies both to connections to cloud-hosted databases (AWS RDS, Redshift, Google BigQuery, Microsoft Azure) and to databases installed on your own servers at cloud providers or on your own hardware behind a firewall.

The following approaches are used:

  • Firewalling Cluvio access based on IP addresses and the database-specific port number
  • Using an SSL-encrypted connection for the database connection, if supported by the database
  • Using an SSH tunnel to proxy access to the database through a hop server
  • Encouraging the use of a Cluvio-specific read-only user in the database to further restrict the access/operations allowed to be performed on the database via Cluvio

More details can be found in the Cluvio Documentation.
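As an added example (not taken from the Cluvio documentation), this is how the read-only database user recommended above can be provisioned on PostgreSQL; the role name cluvio_readonly, the database name analytics, the schema public and the password are placeholders.

```sql
-- Added example: a dedicated read-only role for the Cluvio connection.
-- PostgreSQL syntax. Role name, password, database and schema are placeholders.

-- 1. A login role that cannot create databases, roles or objects, and that
--    is limited in how many parallel connections it may open.
CREATE ROLE cluvio_readonly WITH LOGIN PASSWORD 'replace-with-a-strong-password'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
  CONNECTION LIMIT 5;

-- 2. Allow connecting and reading the schema catalog (needed for the
--    metadata/schema queries a BI tool runs on first connection).
GRANT CONNECT ON DATABASE analytics TO cluvio_readonly;
GRANT USAGE ON SCHEMA public TO cluvio_readonly;

-- 3. SELECT only, on the tables, views and sequences that exist today.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO cluvio_readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO cluvio_readonly;

-- 4. Tables created later receive the same SELECT-only privilege, so new
--    data becomes readable without anyone ever widening the grant.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO cluvio_readonly;

-- 5. Before PostgreSQL 15 every role may CREATE in "public" by default;
--    take that away so the role cannot add objects of its own.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 6. Defence in depth: default every session of this role to read-only
--    transactions and cap query runtime. Note that a session can override
--    these settings with SET, so the privilege grants above remain the
--    real access control; these only catch accidental writes and runaways.
ALTER ROLE cluvio_readonly SET default_transaction_read_only = on;
ALTER ROLE cluvio_readonly SET statement_timeout = '60s';

-- 7. Verification, run while connected as the new role: the write must be
--    rejected with "cannot execute INSERT in a read-only transaction" or
--    "permission denied for table orders".
-- INSERT INTO public.orders (id) VALUES (1);
```

Repeat steps 2 to 5 for every schema the reports need; schemas not granted USAGE stay invisible to the connection.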

How Cluvio uses data in your database


Cluvio analytics is based on SQL and as such performs no operations on the database other than running specific SQL queries to get database metadata and running user-entered SQL queries to fetch the data that power the analytical reports.

The results of the database schema queries are stored as metadata on the data source, as long as the data source / account exists.

The results of the report query executions are stored in an in-memory cache in the Cluvio backend for up to 24 hours. After 24 hours, all of that data is automatically purged and no copies are retained.

The queries that Cluvio performs against your database are:

  • On initial connection to a database, Cluvio runs SQL queries to determine metadata about the database (version, time zone, number of connections allowed) and the schema of the database (schemas/tables/columns). The schema is also refreshed once every 24 hours so that the information is kept current.
  • On running a query in the query editor, the SQL (the result of applying parameters and/or SQL snippets when used) is executed against the database. The exact SQL query executed can be seen in the Results tab in the Query editor.
  • For saved reports on a dashboard, the report query is executed against the database each time:
    • The report is manually refreshed (the user clicks “Refresh” on the report or the dashboard)
    • The dashboard is accessed and the result data are not present in the Cluvio cache
    • The dashboard parameters are changed and the results for that concrete combination of parameters are not in the Cluvio cache
  • For SQL alerts, the query is executed on the configured schedule of the alert
  • For Custom filters with a query, the query is executed to refresh the values on the schedule specified in the filter

Data security and encryption


Any data that is either related to your account or a result of one of the analytical queries is subject to strong security, both in transit and at rest.

In transit

In-transit security refers to the security of the data as it is transmitted between the Cluvio services and the end user’s computer. All Cluvio communication is performed over HTTPS/SSL connections, for both HTTP and WebSocket traffic. The Cluvio API is never served over a plain unencrypted HTTP connection, other than to perform a redirect that lets clients switch to HTTPS.

All API operations that contain account information or data need to be authenticated.

Encryption at rest

Cluvio stores all account/user data in a database that is encrypted at rest, and all backups of the data are encrypted. User passwords are stored as a strong, salted one-way hash, in line with best practice, and cannot be decrypted. Database connection passwords or authorization strings are stored encrypted using a 256-bit key.

Access security


All Cluvio APIs that provide read and/or write access to the account data are authenticated and require authorization via user email and password.

The result of user authentication is a session with a time-limited validity and an access token that authorizes the API access.

The following measures are implemented to prevent abuse:

  • Minimum password length of 8 characters for user passwords
  • Email confirmation required for any new user account or change to the user’s email address
  • Account locking after a certain number of unsuccessful login attempts, requiring an unlock link to be sent to the account email address to unlock the account
  • Password reset via a best-practice email link

Auditing


Cluvio audits all changes made by a user to the account of the organization. This includes logging in/out (with IP address), running queries, creating reports, dashboards or any other objects, changing or deleting any objects.

The audit logs will be exposed to the account admins at a later stage when this feature is implemented as part of the Cluvio admin section.

Monitoring


Cluvio employs a wide range of monitoring services that guarantee the uptime of the Cluvio platform and allow a quick response to any operational problems.

This includes:

  • API availability monitoring
  • Server log monitoring
  • Server components and services availability monitoring
  • Browser error monitoring

The summary of the Cluvio platform status, as well as historical incidents, can be viewed at any time at http://status.cluvio.com

Data backup & archiving


Data backup

Cluvio never stores results of your analytical queries other than the in-memory results cache (kept for up to 24 hours and purged automatically afterwards).

Account data are stored as part of a database backup in encrypted form. The backups are kept for a limited time (generally 30 days).

Physical media management

All data copies are handled by native Amazon AWS functions. Amazon AWS follows the Guidelines for Media Sanitization (NIST 800-88 or DoD 5220.22-M): all physical devices are destroyed on Amazon premises and no storage media can leave Amazon premises.

A detailed description can be found in the AWS Security Whitepaper, page 8, paragraph “Storage Device Decommissioning”.

Certifications & Compliance


Amazon AWS holds some of the most demanding certifications, namely:

  • Sarbanes-Oxley (SOX) compliance
  • ISO 27001 Certification
  • PCI DSS Level I Certification
  • HIPAA compliant architecture
  • SOC1 Audit, SOC2, SOC3
  • FISMA Medium ATO
  • Service Health Dashboard

For the full, up-to-date list of certifications and compliance audit reports, see https://aws.amazon.com/compliance.

Responsible Disclosure Policy


If you are a security expert or researcher and you believe that you have found a security issue in Cluvio, we encourage you to notify us at security@cluvio.com.

Please make a good faith effort to protect our users' privacy and data.

We look forward to working with you to resolve the issue as soon as possible and will award bug bounties if applicable.