Data Security & Privacy

This page focuses on security-specific questions.

By Company

Does the BDB Platform allow the admin to configure user access at the company level?

Yes, the BDB Platform has a built-in Security module which allows the admin to configure user access at the company level.

By Department/Division

Does the BDB Platform allow the admin to configure user access at the department or division level?

Yes, the BDB Platform has a built-in Security module that allows the admin to configure user access at the department or division level.

By Menu

Does the BDB Platform allow the admin to configure user access by Menu?

Yes, the BDB Platform has built-in user management which allows the admin to configure user access by menu. For example, Department 1 can have access to the Data Science module while other modules are not accessible.

By Function

Does the BDB Platform allow the admin to configure user access by Function?

Yes, the BDB Platform has built-in user management which allows the admin to configure user access at the menu level by functions like View, Add, Change, Delete, Publish, etc.

By Dimension

Does the BDB Platform allow the admin to configure user access by Dimension?

Yes, the BDB Platform has a built-in Security module that allows the admin to configure user access by dimension. The image below displays an example of data restriction by dimension:

By Dimension Value

Does the BDB Platform allow the admin to configure user access by Dimension Value?

Yes, the BDB Platform has a built-in Security module that allows the admin to configure user access by dimension value. Dimension values are defined at the data set level.

By Measure

Does the BDB Platform allow the admin to configure user access by Measure?

Yes, the BDB Platform has a built-in Security module that allows the admin to configure user access by measure. It can be restricted from the Security module as well as at the Data Set level.

Does the BDB Platform provide different levels of security and user management access?

The BDB Platform provides identity and access management through RBAC.

System Level Security – This feature allows one to offer access at different levels, for example the access reach of any particular user or user group under admin.

User Management – User management comes as an entire module inside the BDB module, where the admin can manage various permissions and restrictions related to users & user groups. Any user or user group can be assigned to or restricted from using various other plug-ins & features of the platform. In addition, custom field settings can be created & mapped with the user & user group properties.

Data Level Security – Data level security becomes crucial when a large part of the organization is involved in it. This feature provides the organization with a custom, scalable method of applying security across its entire user base. BDB maintains data level security which lets users restrict data insights only to the desired audience:

  • Object Level security

  • Row level security

  • Data at rest are password protected inside DMZ.

Describe the user audit logging capabilities of the system. For example, can audit logs be configured to show user logins, queries, data sources accessed, modifications to reports/dashboards, etc.?

Yes, all interactions on the BDB Platform are via API. These APIs have interceptors which track and log all interactions, such as user logins, dashboards accessed, data sources accessed, modifications to reports/dashboards, etc. These logs can be stored in the pre-configured data store.

Is the BDB Platform equipped with security features at the visualization, functional, and data levels?

  • The platform supports RBAC.

  • Dashboards can be published to selected roles with exclude user capability.

  • When a user is re-assigned to a different role, the user gets access to those visualizations that are permitted to the assigned role only.

  • Ability to provide row-level data restriction via user attributes.

  • SQL & script injections are prevented at the API interceptor level.

Does the system support user-based data access control? Please describe how the system can support creation of a single dashboard where the data presented is based on the access granted to the individual, logged-in user.

Yes, user-based access control can be applied on the BDB Platform. The Platform provides the ability to apply row-level data restriction via user attributes.

How can data access be regulated in a multi-tenant deployment to ensure full data privacy among tenants?

In a multi-tenant deployment,

  • Each tenant has its own metadata, which is used to configure each data connector.

  • The data connector configured for one tenant is not accessible by another tenant.

  • Tenant-based Data connector credentials can be configured as Kubernetes secrets.

How does the system support SSO?

  • The Platform supports SSO via SAML 2.0.

Does the system have the ability to share certain dashboards based on role / user profile, ability to provide read only access, ability to share dashboards with external users?

  • The Platform supports RBAC.

  • Dashboards can be published to selected roles with exclude user capability.

  • When a user is re-assigned to a different role, the user gets access to those visualizations that are permitted to the assigned role only.

  • The Platform can provide read-only access to the visualization.

  • Dashboard links can be shared via an Open-doc link generated via the platform to external users. This link can be reset to disable access.

Does the system have any tools/capabilities that will assist in supporting privacy standards (GDPR, CCPA, HIPAA, ISO 27001, HITRUST, PCI Level 1/2, SOC2)? Please describe the certifications supported and related privacy risk assessment practices.

Yes, the BDB Platform is designed with industry privacy standards such as GDPR, CCPA, HIPAA, ISO 27001, HITRUST, PCI Level 1/2, SOC2, etc. in mind. As the BDB Platform will be deployed in the customer's private cloud environment, third-party compliance assessment for the privacy certification of that deployment can be carried out by the customer. We have deployed this platform for two Fortune 50 companies & 10 Fortune 500 companies.

What security vulnerability scanning tools were utilized during product development, and how often are the rules and checks updated?

We implement container scanning using Trivy during the build process. We also do dependency scanning periodically. Every major release goes through a third-party pen test.

Please describe whether the system has been impacted by any recent global security vulnerabilities. If yes, what was the turnaround time to fix and provide an updated release to address the vulnerabilities?

We were not impacted by any recent global security vulnerabilities, not even ones like Log4j JNDI.

What certifications do the BDB data centres that host customer data have (SOC2, ISO, etc.)?

The BDB Platform provides organizations with the flexibility to host their solution on a variety of cloud infrastructures, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). By deploying on one of these leading cloud providers, organizations can take advantage of the robust security and certifications offered by these platforms.

These cloud providers have extensive security certifications, such as ISO 27001, SOC 1, SOC 2, and PCI DSS, among others, to ensure the highest level of security for their customers. These certifications provide assurance that the underlying infrastructure meets the strictest security standards, helping organizations to meet their regulatory requirements and maintain the confidentiality, integrity, and availability of their data. By providing the ability to deploy on a leading cloud infrastructure, BDB helps organizations to achieve their desired business outcomes in a secure and compliant manner.

What PII data lives within the BDB Platform?

BDB does not store any PII (Personally Identifiable Information) of its customers.

BDB, being a responsible and security-conscious organization, ensures that all Personally Identifiable Information (PII) of its customers remains secure and protected. The information is solely stored in the customer's database and never resides within BDB's systems. During the authentication process, BDB maps the customer's data through the Single Sign-On (SSO) protocol that the customer is utilizing. This not only simplifies the login process for the users but also guarantees the protection of sensitive information at all times. By following such stringent measures, BDB demonstrates its commitment to privacy and security for all its valued customers.

What type of roles does the BDB platform have for the users?

The BDB Platform provides the following roles:

  • Admin/Data Admin

  • Dashboard & Self Services Creator

  • Dashboard Creator

  • Dashboard & Self Service Viewer

  • Dashboard Viewer

How are secrets managed by the BDB Platform application?

All customer secrets are stored as Kubernetes secrets, and the platform references them. In the case of CI/CD, we store the secrets in Git with SOPS encryption and sync them with Kubernetes.

Does the BDB platform have a concept of admin user?

Yes, the BDB Platform has the concept of an admin user. An Admin user in the BDB Platform is typically a member of the Administrators group and is assigned the Admin role that provides the necessary permissions and privileges to perform administrative tasks.

The admin users can manage and configure the environment, such as managing users, groups, and permissions, and controlling access to resources such as Pipeline, notebook, Preparation, and data sources.

Admin users can also manage BDB Platform Secrets and configure security settings such as authentication, authorization, and data encryption. They can also monitor usage, perform maintenance, and configure the infrastructure for the Platform workspace.

Does the BDB platform have a concept of service principal for service-to-service integration?

Does the BDB platform provide a console where all users & service principals can be managed?

The BDB Platform has a Security module where the admin can create/configure different user/user groups and define access level security for them:

System Level Security – This feature allows one to offer access at different levels, for example the access reach of any particular user or user group under admin.

User Management – It is part of the Security module under the BDB Platform where the admin can manage various permissions, and restrictions related to the user & user group. Any user or user group can be assigned to or restricted from using various other plug-ins & features of the platform.

In addition to this, the Custom Field Settings can be configured inside the Admin module & mapped with the user & user group properties using the Security module to impose data restrictions.

Data Level Security – Data level security becomes crucial when a large part of the organization is involved in it. This feature provides the organization with a custom, scalable method of applying security across its entire user base. BDB maintains data level security which lets users restrict data insights only to the desired audience.

How often does the BDB Platform perform sec-pen testing of its solution?

BDB has a third party conduct a pen test annually for major releases.

Can the BDB Platform share an attestation from the system's last run?

BDB has a third party conduct a pen test annually for major releases. The pen test report can be shared with the customer upon specific request.
