Data Prep infrastructure and security¶
All ingress ports, whether on internal or external interfaces, are protected by security groups, which are automatically configured by Data Prep’s system configuration tool. Customer/public facing ingress ports are: TCP 80/443.
Data Prep utilizes jump hosts for SSH access to production infrastructure and all production admins are access-controlled using multi-factor authentication.
The production accounts use strict IAM roles and only key employees with a verified business need receive administrative access.
DataRobot does not allow customer-requested security scanning agents to be installed in our production SaaS environment. Data Prep leverages an on-demand cloud computing platform to perform vulnerability scans against the environment. Penetration testing of Data Prep is executed by a qualified third-party assessor and the results are integrated into the development workflow based on priority. Upon request, DataRobot can schedule vulnerability scans of our SaaS offering and coordinate the request with our cloud computing platform service.
Data Prep utilizes TLS and HTTPS to encrypt the data when in transit. Data Prep stores the data in an encrypted format when it is at rest to prevent access by unauthorized parties.
Native Data Prep accounts (defined as accounts that are not using LDAP or SAML) adhere to the following password requirements: the password must contain at least one number, one lowercase letter, one uppercase letter and one special character (!@#$%^&*+=), and at least 8 characters.
Data Prep does not enforce account lockout policies or have any account lockout policy management capabilities for Native accounts.
For SAML authentication, the account policies and password requirements configured with the customer's SAML Identity Provider are enforced.
Production service accounts cannot be used for logins by any admin or user. The account is strictly used only to startup and run the Data Prep application. The account does not have any access to customer data or permissions within Data Prep.
Operating System security patches are applied to our Production SaaS environment after a security threat assessment/review. Careful testing is performed prior to applying any security updates so as to not compromise the integrity of our application or services. Application security updates to our SaaS offering are applied as soon as a fix is available.