Security Requirements

• Requirement: Data platform provide data integrity ensuring no loss or corruption of data through its lifecycle.

• BDB Response: Yes, BDB Platform provide data integrity ensuring no loss or corruption of data through its lifecycle.

• Requirement: Data platform should have encryption capabilities both for data-in-motion (data moved in the network) as well as data-at-rest (data stored in the Data platform repositories).

• BDB Response: BDB Platform uses industry standard encryption methodology to secure client’s database connection credentials, cached data, & many other security demanding factors.

• Requirement: Data platform support granular levels of data encryption, such as file-level encryption, Format Preserving Encryption (FPE) or tokenization.

• BDB Response: Yes, Mongo dB offers built-in security controls for all your data. It enables enterprise grade features to integrate with your existing security protocols and compliance standards. With MongoDB, your data is protected with security features for authentication, authorization, encryption and more –

• Network Isolation – Dedicated clusters can be deployed in a VPC with dedicated firewalls. Access must be granted by an IP access list or VPC peering

• Roles-based access management – Configure sophisticated role-based access rules to control which users and teams can access, manipulate, and delete data in your databases.

• End-to-End encryption – All network traffic is encrypted using TLS, with flexibility to configure the minimum TLS protocol version, encryption for data at rest is automated using encrypted storage volumes. Enable automatic client-side field level encryption to encrypt sensitive data before it leaves the application and land in the cloud.

• Requirement: Data platform should support data masking capabilities

• BDB Response: Yes, BDB Platform has built-in Data Masking capability.

• Requirement: Data platform should support Identity and Access Management through user authentication (Role Bases Access Control) and credential management capabilities

• BDB Response: Yes, BDB Platform identity and access management through RBAC -  

System Level Security - This feature allows one to offer access at different levels for example the access reach of any particular user or user group under admin. User Management – User managements comes an entire module inside BDB module where admin can manage various permissions, restrictions related to user & user group. Any user or user group can be assigned or restricted to use various other plug-ins & features of platform. In addition, custom field settings can be created & mapped with the user & user group properties. Data Level Security – Data level security becomes crucial when a large part of organization is involved in it. This feature provides organization a custom, scalable method of applying security across their entire user base. BDB maintains data level security which lets user restrict data insights only to desired audience.

• Object Level security

• Row level security

• Data at rest are password protected inside DMZ.

• Requirement: Permissions should be driven by policies based on least privilege principle.

• BDB Response: Yes, BDB Platform facilitates permissions to be driven by policies based on least privilege principle.

• Requirement: Data Platform should have the capability of setting up Multifactor Authentication (MFA).

• BDB Response: Yes, BDB Platform has capability for setting up Multifactor Authentication with 3rd Party provider.

• Requirement: Users should be able to access the Data Platform using Single Sign On capability.

• BDB Response: Yes, In BDB Platform Trusted Authentication can be used to support authentication methods such as SAML, x.509 and other methods which do not have dedicated authentication plugins. If your application server can work as a SAML service provider, you can use Trusted Authentication to provide SAML SSO to BDB platform.

• Requirement: Protect from common attacks not limited to DDoS attacks, SQL Injection, Cross Site Scripting.

• BDB Response: Yes, BDB Platform provides protection from common attacks not limited to DDoS attacks, SQL injection, Cross Site scripting.

• Requirement: Support End Point security to prevent detect and respond to threats.

• BDB Responses: Yes, BDB Platform support End point Security to prevent & respond to threats.

For many internal deployments, network security is provided by preventing access to the network as a whole. However, even in these cases it is important to securely transmit credentials across the network. For external deployments, transmission security is critical to protect sensitive data and credentials and to prevent malicious use of BDB Platform.

There are the following main network interfaces to the BDB Platform:

• Configures HTTPS (SSL) with customer supplied security certificates.

• BDB Platform-to-database uses native drivers whenever possible and uses generic ODBC adapters when native drivers are not available.

• Secure communication between BDB Platform Server components is only applicable in distributed deployments and is done using a stringent trust model to ensure each server receives valid requests from other servers in the cluster.

• Securing network transmission, all user passwords and credentials are encrypted in transmission and passwords are not stored in clear text.

• Requirement: Support out-of-the-box capabilities to manage compliance with respect to GDPR (“General Data Protection Regulation”), SOX and other regulatory requirements.

• BDB Response: Yes, BDB Platform supports out-of-the-box capabilities to manage compliance with respect to GDPR and other regulatory requirements.

BDB Data Pipeline has bult-in Data Loss Protection component which enables masking, hashing, Redaction & Date generalization.