Shared Responsibility for SingleStore Cloud

SingleStore Cloud has built in security controls that makes it a secure environment to run customer workloads. However the burden of keeping it secure is shared between customers and the SingleStore Cloud team. SingleStore Cloud is designed with strong security by default so that there is minimal burden on customers. The default configuration includes encryption at rest, encryption in transit, removal of public access, and deployment within strong network boundaries. Customers are responsible for configuring the necessary levels of control which based on the security posture of their organization.

Responsibility

Customer

SingleStore Cloud

Cloud infrastructure physical security

  • Select the cloud provider and the region of choice and cluster size

  • Provision the requested clusters in a private network

  • All additional configurations described by users

Customer data, accounts and identities

  • Create and manage customer data

  • Add user accounts and access using identities

  • Secure access to customer data

Network isolation and connectivity

  • Configure the network connectivity, including Firewall, DNS, Privatelink and IP allowlisting between customer and SingleStore account

  • Resource provision for Privatelink creation

SingleStore database access

  • Configure user authentication

  • Add roles and privileges for users

  • Manage certifications and JWKS setups for clusters

  • Managed IAM roles on cloud resources to be used by SingleStore Cloud

API controls/access

  • Manage and configure API keys

  • Integration with MFA and other SSO tools

Data encryption (in transit and at Rest) and BYOK

  • Set the TLS version to be used

  • Configure cloud provider KMS and key policy

  • Enable default encryption of data at rest and in motion with cloud provider managed keys

  • Connect to the KMS and uses keys for encryption at rest

Granular auditing

  • Configure audit levels and audit log destinations

  • Stream audit logs to external resources based on configuration from customers

  • Enable audit logging for the database automatically

Performance monitoring/alerting

  • Configure real time alerts and performance thresholds

  • Configure external tools for monitoring and alerting

  • Configure performance captures and monitoring capabilities

Security patches and maintenance

  • Automatically apply security patches and updates

Backups

  • Can create and manage own custom backups in accordance with internal backup and disaster recovery policy

  • SingleStoreDB takes automated backups which are stored in case of unexpected disaster

  • These backups can be restored by filing a request with Support

Last modified: February 16, 2024

Was this article helpful?