Rockset Security & Compliance
Our customers trust Rockset to protect their data. That trust requires a service that is highly available and secure. As a Rockset customer, you benefit from a service designed, built, maintained, and monitored to meet rigorous security, compliance, and privacy requirements.
Built For The Cloud
Rockset is offered as a fully managed cloud service, 100% born and built in the cloud. Currently, all of Rockset's services run and are hosted in Amazon Web Services (AWS), so our security policies follow AWS best practices and build on the underlying security controls of AWS. Rockset does not operate any physical hosting facilities or physical computer hardware of its own.
Security Features
Rockset offers enterprise-level security features designed to protect and secure Rockset customer data.
IP Allowlisting
IP allowlisting restricts access to a specified set of IP addresses: only calls to the Rockset service that originate from an allowlisted address are accepted.
Views
Views are stored SQL queries that can be queried like any other persistent data in Rockset. They provide an extra layer of security by limiting how much of the underlying data is exposed to authorized users.
Role Based Access Control (RBAC)
Rockset enforces least-privilege access through custom roles that can be scoped to individual resources and to specific actions, giving users only the level of access they need at the time.
PII/PHI Field Hashing
Fields containing PII (personally identifiable information) or PHI (protected health information) can be transformed at ingest with a one-way cryptographic hash function, so that Rockset stores only the hashed value and never the original PII/PHI field.
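As an added example (not Rockset's own ingest code, and not a description of how Rockset implements the feature), the Python below shows the hash-at-ingest pattern the paragraph describes, together with the check a practitioner would want to run: a one-way hash of a low-entropy field such as an e-mail address can be matched by hashing guesses, so the transform defaults to a keyed HMAC whose secret stays out of the data store. The field names, the sample record, the guess list and the INGEST_HMAC_KEY value are all constructed for the example.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed ingest-time transform written for this page as an illustration;
# it is not Rockset's own ingest code. Each PII/PHI field in a record is
# replaced by a one-way hash before the record is stored.

# Hypothetical per-tenant secret held only by the ingest path and never stored
# alongside the data (constructed value for the example).
INGEST_HMAC_KEY = b"constructed-example-key-do-not-reuse"

# Fields to hash; the column names are constructed for the example.
PII_FIELDS = ("email", "ssn")


def plain_hash(value: str) -> str:
    """Unkeyed SHA-256: one-way, but anyone can hash a guess and compare."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_hash(value: str, key: bytes = INGEST_HMAC_KEY) -> str:
    """HMAC-SHA256: one-way, and a guess cannot be checked without the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def transform_record(record: dict, fields: Iterable[str] = PII_FIELDS,
                     hasher=keyed_hash) -> dict:
    """Return a copy of the record with each listed field replaced by its hash.

    Non-PII fields pass through unchanged, and the same input always maps to
    the same digest, so equality filters and joins on the hashed column still work.
    """
    out = dict(record)
    for name in fields:
        if out.get(name) is not None:
            out[name] = hasher(str(out[name]))
    return out


def dictionary_recovers(digest: str, candidates: Iterable[str], hasher) -> Optional[str]:
    """Defender's check: can a stored digest be matched from a list of guesses?

    Returns the matching candidate, or None. With an unkeyed hash, low-entropy
    fields such as e-mail addresses or national ID numbers are recoverable this
    way from a small candidate list; with a keyed hash they are not.
    """
    for guess in candidates:
        if hmac.compare_digest(hasher(guess), digest):
            return guess
    return None


# Constructed sample record, as an ingest pipeline might receive it.
SAMPLE_RECORD = {"user_id": 42, "email": "alice@example.com",
                 "ssn": "123-45-6789", "city": "Boston"}

# Constructed guess list, e.g. addresses taken from a public directory.
GUESSES = ["bob@example.com", "carol@example.com", "alice@example.com"]


if __name__ == "__main__":
    stored = transform_record(SAMPLE_RECORD)
    print("stored record:", stored)
    weak = transform_record(SAMPLE_RECORD, hasher=plain_hash)
    print("unkeyed digest matched as:",
          dictionary_recovers(weak["email"], GUESSES, plain_hash))
    print("keyed digest matched as:",
          dictionary_recovers(stored["email"], GUESSES, plain_hash))
```

The digest is deterministic, so analytics that filter or join on the hashed column keep working after the original value is gone; what must stay outside the dataset is the key, since anyone holding it (or, for the unkeyed variant, anyone at all) can confirm a guessed value against a stored digest.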
Single Sign On
Rockset integrates with SSO providers such as Okta to enforce strong user authentication to Rockset.
Audit Logs
Rockset maintains comprehensive, searchable, and exportable audit logs of all security-related events, including authentication, permission changes, CRUD operations, privilege assumption, and more.
Multi-Factor Authentication
Rockset natively supports strong multi-factor authentication, including TOTP, for access to the Rockset console.
AWS PrivateLink
Rockset supports AWS PrivateLink so that your traffic to Rockset is never exposed to the public internet.
Data Encryption in Flight
Data in flight from customers to Rockset and from Rockset back to customers is encrypted with TLS 1.2, with HSTS enforced, and is controlled by network policies. Certificates are issued and managed by AWS Certificate Manager. An AWS Application Load Balancer terminates TLS connections at our API endpoint. Internal communication is secured using AWS VPC functionality.
Data Encryption at Rest
Data is encrypted at rest across all of Rockset's services using encryption keys managed by AWS Key Management Service (KMS); the keys are never exposed to anyone, including Rockset employees. Rockset also allows customers to supply their own encryption keys.
Penetration Testing
Rockset engages a third-party security firm to perform security, vulnerability, and penetration testing across our platform. These tests run at least annually, and findings are remediated according to their criticality and priority.
Vulnerability Disclosure Program
Rockset is committed to working with industry experts and security researchers to make our products as secure as they can be for our customers. Rockset partners with HackerOne to continuously improve our security posture.
Compliance & Privacy
SOC 2 Type II
Rockset has undergone an AICPA SOC 2 Type II audit annually since 2021, covering the operational and security processes of our service and our company. Rockset's SOC 2 Type II report is available upon request.
GDPR
The General Data Protection Regulation (GDPR) governs the use and protection of personal data originating from the European Economic Area (EEA) and grants individuals rights over their data. Rockset provides our customers with the capabilities needed to build GDPR compliance.
CCPA
The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information collected by businesses. Rockset is committed to supporting its customers in their CCPA compliance efforts.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to govern the flow and sharing of electronic protected health information (ePHI). Rockset is HIPAA ready and enables covered entities and their business associates to use Rockset to store, process, and analyze ePHI.