A secure data platform for all
In order to entrust your company's data to a data platform, it is important that this platform is also secure against third-party access. How can we guarantee this? With our product "Saugeile Datenkrake" - SDK for short!
We present some of our measures to make data platforms more secure here in the blog.
Encrypted communication with HTTPS
The communication between client and platform is encrypted using TLS. In this way, a secure connection is established via HTTPS. Let's Encrypt" certificates are used for this purpose.
HTTP Strict Transport Security (HSTS) can also be activated for the operation of a data platform.
Thus, the platform is protected against e.g. "man-in-the-middle attacks" (MITM attacks).
Every request to the platform is received via an application gateway. This contains a web application firewall (WAF) and protects against, among other things:
- Injection attacks
- Cross-Site Scripting (XSS)
- Buffer overflow attacks
- Cookie poisoning
Rights only for what is needed
Each service running on the platform has only those permissions that the service needs to perform the tasks.
For example, as one of the central components of the platform, Kubernetes has the right to fetch Docker containers from the repository and execute them. However, Kubernetes is not allowed to write Docker containers to the repository.
Note: There will be a separate post on the topic of infrastructure authorisation.
All data is encrypted
Data in the blob storage and in the databases are stored in encrypted form. The data is accessed with a SAS token (Shared Access Signatures). The token itself is only valid for a limited period of time.
This is an excerpt from the security mechanisms in the SDK. If you would like to learn more, please contact us at any time!
An abstract look at the function of the SDK can be found here: SDK