Virtual Campus Interview - Security at Superset

Your institute's data is very critical. We know that. That’s why protecting your data on Superset is our first priority. We use physical, procedural and technical safeguards to preserve the integrity and security of your information.


Best Practices

Your Data is Secure


  • Data hosted in secure SSAE 16 / SOC1 certified data centers
  • Access restrictions on our servers to better protect your information
  • Firewalls implemented to prevent unauthorized access
  • Amazon Web Services (RDS & S3) for managing your data
  • Regular snapshots of the database are taken and moved securely to a separate data center for backup in case of a regional Amazon failure

System Security


All servers that run Superset software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon Cloud Storage, are comprehensively hardened infrastructure-as-a-service (IaaS) platforms.

Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks.

Our SSL certificates are 2048-bit RSA, signed with SHA-256.


Infrastructure


  • All of our services run in the cloud.
  • Superset does not run our own routers, load balancers, DNS servers, or physical servers.
  • The vast majority of our services and data are hosted on Amazon Web Services (AWS) facilities in the USA.
  • All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that block unauthorized requests.
  • We have multiple VPCs for different environments to ensure data integrity.
  • Superset takes snapshots of your data at frequent intervals as our automatic backup strategy. In addition to this, our databases are backed up on a daily basis to ensure no loss of data.
  • Superset uses RDS encryption to encrypt instances and snapshots at rest, using the industry-standard AES-256 data encryption algorithm to encrypt data on the server.

Data Transfer


  • All data sent to or from Superset is encrypted in transit using 128-bit encryption.
  • Our API and application endpoints are TLS/SSL only.
  • We use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled.

Data


  • All our customer data is stored in the USA.
  • Customer data is stored in multi-tenant data stores; we do not have individual data stores for each customer. However, we have strict privacy controls in our application to ensure data security and privacy. This also prevents unauthorized access to any customer’s data.
  • We have unit, integration, and regression test cases in place to ensure that privacy controls work as expected.
  • All tests are run every time changes are made on the platform.

Physical Security


Superset production data is processed and stored within AWS data centers, which use state-of-the-art multi-layer access, alerting, and auditing measures, including:

  • Perimeter fencing
  • Vehicle access barriers
  • Custom-designed electronic access cards
  • Biometric checks
  • Laser beam intrusion detection
  • Continuous external and internal security camera surveillance
  • 24x7 trained security guards

Confidentiality


We place strict controls over our employees’ access to your data and are committed to ensuring that customer data is not seen by anyone who should not have access to it. All of our employees and contract personnel are bound by our policies regarding customer data privacy and security, and we treat these issues as matters of the highest importance within our company.


Application monitoring


  • All access to Superset applications is logged and audited.
  • We use state-of-the-art monitoring services to constantly monitor application performance.

You can read more about security at AWS here