Features & Responsibilities Matrix
All security features that are available on e6data are listed below, along with the responsibility for configuring and managing each.
Network Access Controls

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Deploy into an EKS Cluster that you manage and secure. By default, no ingress is allowed to the data plane. | AWS | Deployed by the user, using Terraform & Helm templates provided by e6data. |
| Authenticated access from users or clients to the e6data control plane UI and APIs | AWS | Credentials to access the UI and Personal Access Tokens for APIs are to be generated by users. |
| Private access (or private link) from the data plane to the e6data control plane | AWS | Deployed by the user, using Terraform & Helm templates provided by e6data. |
| IP access lists to control access to e6data control plane UI and APIs over the internet | AWS | Only Kubernetes management access between the e6data control plane and data plane. Any other access should be provided by users. |
| Ingress for third-party querying tools to access the engine | AWS | Users should enable Kubernetes Ingress for external connectors. |

User and Group Management

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Use the cloud service provider identity management for seamless integration with cloud resources | AWS | e6data |
| Single Sign-On with identity provider integration (you can enable MFA via the identity provider) | AWS | Can be configured in the e6data console. |
| Service principals or service accounts to manage application identities for automation | AWS | e6data |
| User account locking to temporarily disable a user's access to e6data | AWS | e6data |
| Role-based access controls to provide least required privileges for users/groups | AWS | Configured by user. |

Access Management

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Fine-grained permission-based access control to all e6data objects including workspaces, catalog, clusters and queries | AWS | Users should configure access for their team members. |
| Secure API access with personal access tokens with permission management | AWS | e6data provides unique tokens in the Console for secure access. |
| Segment users, workloads and data with different security profiles in multiple workspaces | AWS | Use separate workspaces where possible to segment users who need access to different data sources. |

Data Security

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Encryption of control plane data at rest | AWS | e6data (enabled by default) |
| Encryption in transit of all communications between the e6data control plane and customer data plane | AWS | e6data (enabled by default) |

Workload Security

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Manage code versions effectively with repos | AWS | e6data |
| Built-in secret management to avoid hardcoding credentials in code | AWS | e6data |
| Managed data plane Docker image regularly updated with patches, security scans and basic hardening | AWS | e6data |
| Contain costs, enforce security and validation needs with cluster policies | AWS | e6data |
| Immutable short-lived infrastructure to avoid configuration drift | AWS | e6data |
| Enhanced hardening with security monitoring and vulnerability reports of managed data plane images | AWS | e6data |

Auditing & Logging

| Feature | Cloud | Responsibility |
| --- | --- | --- |
| Comprehensive and configurable audit logging of activities of e6data users | AWS | Logged by e6data. Can be consumed by users through Console or API. |
| Logging of run queries | AWS | Logged by e6data. Can be consumed by users through Console or API. |
| e6data infrastructure logging | AWS | Logged by e6data. Can be consumed by users through Console or API. |

Security Certifications

| Certification | Cloud |
| --- | --- |
| ISO 27001 | AWS |
| ISO 27017 | AWS |
| ISO 27018 | AWS |
| ISO 27701 | AWS |
| SOC 2 Type 1 | AWS |