Security
BigAnimal runs in your own cloud account, isolates your data from other users, and gives you control over our access to it. The key security features are:
Data isolation: Clusters are installed and managed in your cloud environment. Complete segregation of your data is ensured. Your data never leaves your cloud account, and compromise of another BigAnimal customer's systems doesn't put your data at risk.
Granular access control: You can use single sign-on (SSO) and define your own sets of roles and role-based access control (RBAC) policies to manage your individual cloud environments. See Managing portal access for more information.
Data encryption: All data in BigAnimal is encrypted in motion and at rest. Network traffic is encrypted using Transport Layer Security (TLS) v1.2 or greater, where applicable. Data at rest is encrypted using AES with 256-bit keys. Data encryption keys are envelope encrypted, and the wrapped data encryption keys are securely stored in a key management system in your account. Encryption keys never leave your environment.
Portal audit logging: Activities in the portal, such as those related to user roles, organization updates, and cluster creation and deletion, are tracked and viewed in the activity log.
Database logging and auditing: Functionality to track and analyze database activities is enabled automatically. For PostgreSQL, the PostgreSQL Audit Extension (pgAudit) is enabled for you when deploying a Postgres cluster. For EDB Postgres Advanced Server, the EDB Audit extension (edbAudit) is enabled for you.
- pgAudit: The classes of statements being logged for pgAudit are set globally on a cluster with
pgaudit.log = 'write,ddl'
. The following statements made on tables are logged by default when the cluster type is PostgreSQL:INSERT
,UPDATE
,DELETE
,TRUNCATE
, ANDCOPY
. AllDDL
is logged.
- pgAudit: The classes of statements being logged for pgAudit are set globally on a cluster with
Database cluster permissions The edb_admin account created during the create cluster process includes the CREATEDB and CREATEROLE database roles. We recommend using the edb_admin account to create a new application user and new application database for further isolation. See Managing Postgres access for more information.
See also
- On this page
- See also