Rockset Security & Compliance
Our customers trust Rockset to protect their data. That trust requires a service that is highly available and secure. As a Rockset customer, you benefit from a service designed, built, maintained, and monitored to meet rigorous security, compliance, and privacy requirements.
Built For The Cloud
Rockset is offered as a fully managed cloud service - 100% born and built in the cloud. Currently, all of Rockset's services are run and hosted in Amazon Web Services (AWS), hence our security policies follow AWS best practices and leverage the underlying security policies of AWS. Rockset does not operate any physical hosting facilities or physical computer hardware of its own.
Security Features
Rockset offers enterprise-level security features designed to protect and secure Rockset customer data.
IP Allowlist
IP Allowlisting restricts access to only a specified set of IP addresses so only calls made to the Rockset service originating from a specified IP address will be accepted.
Views
Views are stored SQL queries that can be queried like any other persistent data in Rockset and provide you extra security by limiting the exposure of the underlying data to authorized users.
Role Based Access Control (RBAC)
Rockset enforces least privileged access through custom roles that can be scoped to the resource level and to specific actions, giving users only the level of access they need at that time.
Data Masking
PII (personally identifiable information) or PHI (protected health information) fields can be transformed at ingest with a one-way crypto hash function so that Rockset only stores the hashed value and not the original PII/PHI field.
Single Sign On
Rockset has integrations with SSO providers like Okta to enforce strong user authentication to Rockset.
Audit Logging
Rockset maintains comprehensive, searchable, and exportable audit logs of all security-related events including authentication, permissions changes, CRUD operations, assumptions of privileges, and more.
Multi-Factor Authentication
Rockset has native support for strong multi-factor authentication including TOTP when accessing the Rockset console.
AWS PrivateLink
Rockset supports AWS PrivateLink to prevent your traffic from being exposed to the public internet.
Data Encryption
Data Encryption in Flight
Data in flight from customers to Rockset and from Rockset back to customers is encrypted through TLS 1.2 certificates with HSTS and controlled by network policies. Certificates are created and managed by AWS Certificate Manager. An AWS application load balancer terminates TLS connections at our API endpoint. We secure internal communication using AWS VPC functionality.
Data Encryption at Rest
Data is encrypted at rest throughout all of Rockset's services using encryption keys that are managed by AWS Key Management Service (KMS) and are never exposed to anyone, including to Rockset employees. Rockset also allows customers to provide their own encryption keys.
Vulnerability Management
Penetration Testing
Rockset employs a third party security firm to perform Security, Vulnerability, and Penetration testing across our platform. These are run at least annually and findings are remediated according to their criticality and prioritization.
Vulnerability Disclosure Program
Rockset is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Rockset partners with HackerOne in order to continuously improve our security posture.
Compliance & Privacy
SOC 2 Type II
Rockset has certified its systems annually to AICPA SOC 2 Type II since 2021, successfully auditing the operational and security processes of our service and our company. Rockset’s SOC 2 Type 2 report is available upon request.
GDPR
The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. Rockset provides our customers the necessary capabilities for building GDPR compliance.
CCPA
The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Rockset is committed to supporting its customers in their CCPA compliance efforts.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was created in 1996 to govern the flow and sharing of personal health information (ePHI). Rockset is HIPAA ready and enables covered entities and their business associates to leverage Rockset to store, process, and analyze ePHI.
