Shared Responsibility for SingleStore Helios

Cloud infrastructure physical security

• Select the cloud provider and the region of choice and cluster size

• Provision the requested clusters in a private network

• All additional configurations described by users

Customer data, accounts and identities

• Create and manage customer data

• Add user accounts and access using identities

• Secure access to customer data

Network isolation and connectivity

• Configure the network connectivity, including Firewall, DNS, Privatelink and IP allowlisting between customer and SingleStore account

• Resource provision for Privatelink creation

SingleStore database access

• Configure user authentication

• Add roles and privileges for users

• Manage certifications and JWKS setups for clusters

• Managed IAM roles on cloud resources to be used by SingleStore Helios

API controls/access

• Manage and configure API keys

• Integration with MFA and other SSO tools

Data encryption (in transit and at Rest) and BYOK

• Set the TLS version to be used

• Configure cloud provider KMS and key policy

• Enable default encryption of data at rest and in motion with cloud provider managed keys

• Connect to the KMS and uses keys for encryption at rest

Granular auditing

• Configure audit levels and audit log destinations

• Stream audit logs to external resources based on configuration from customers

• Enable audit logging for the database automatically

Performance monitoring/alerting

• Configure real time alerts and performance thresholds

• Configure external tools for monitoring and alerting

• Configure performance captures and monitoring capabilities

Security patches and maintenance

• Automatically apply security patches and updates

Backups

• Can create and manage own custom backups in accordance with internal backup and disaster recovery policy

• SingleStore takes automated backups which are stored in case of unexpected disaster

• These backups can be restored by filing a request with Support