Updated on 2023-03-08 GMT+08:00

Is My Data Secure in GaussDB(DWS)?

In the big data era, data is a user's core asset. Data security comes first.

GaussDB(DWS) is a data warehousing system with telecom-class security to safeguard your data and privacy. GaussDB(DWS) satisfies the data security and privacy requirements of governments, financial organizations, and carriers. Chosen by multiple industries, it is certified by the following:

  • Internal Cyber Security Lab (ICSL) in compliance with cyber security standards issued by the UK authorities.
  • Privacy and Security Assessment (PSA) to meet EU requirements of data security and privacy.

Service Data Security

GaussDB(DWS) is built on software infrastructure, including ECS and OBS.

Service data of GaussDB(DWS) users is stored in the ECSs in the cluster. Neither users nor O&M administrators can log in to the ECSs.

The operating system of ECSs is hardened for security, including kernel hardening, installation of the latest patches, permission control, port management, and protection against protocol and port attacks.

GaussDB(DWS) provides complete security measures, such as password policies, authentication, session management, user permissions management, and database audit.

Snapshot Data Security

GaussDB(DWS) backups are snapshots stored in OBS. OBS supports access permission control, key access, and data encryption features. GaussDB(DWS) snapshot data can be used for data backup and restoration only and cannot be accessed by any user. GaussDB(DWS) administrators can view the OBS space occupied by snapshot data on the GaussDB(DWS) console and bills.

Network Access Security

GaussDB(DWS) is fully isolated at the layer-2 and layer-3 network levels to fulfill the security requirements of government and financial users.

  • GaussDB(DWS) is deployed in the tenant-dedicated ECS environment, which is not shared with other tenants. Therefore, data leakage due to computing resource sharing is physically impossible.
  • ECSs in a GaussDB(DWS) cluster are isolated through VPCs, preventing the ECSs from being discovered and intruded on by other tenants.
  • The network is divided into the service plane and management plane. The two planes are physically isolated, ensuring network security.
  • The tenants can flexibly customize the security group and access rules.
  • External application software accesses GaussDB(DWS) over SSL.
  • Data imported from OBS is encrypted.