As a company founded by data professionals, data security is of our utmost concern. Upsolver offers a comprehensive set of protections to provide the highest level of security to all sensitive data that is processed or managed using the Upsolver platform. Upsolver uses a cloud-native architecture to keep customers’ data safe in their own AWS account, while offering additional layers of security to prevent any unauthorized access to data through the Upsolver front-end UI.
How Upsolver is Deployed
Upsolver supports both private and hosted VPC to provide a high level of flexibility, while taking security constraints into account:
- Hosting both the Upsolver data processing servers and the API which serves the UI in the customer’s AWS account in a private VPC. The customer has full control with regards to who has access to servers in this VPC and thus who has access to the data via the UI. Another security benefit of this method is that the data never leaves the customers AWS account
- Hosting Upsolver servers on Upsolver’s VPC: This is the simplest to set up but allows for global access to the UI. Also, with this method the data will be read by servers outside of the customers AWS account while being processed - However, no data will ever be stored on disk outside the customers AWS account.
Note, in both of these methods the data is still stored in the customers S3 bucket and is inaccessible to anyone who does not have the appropriate permissions.
Upsolver leverages AWS’s state of the art security infrastructure, including the Roles and Security Groups. All permissions granted are easily revocable within the customer’s AWS console.
Upsolver’s UI is served by a server in the customer’s AWS account. The customer can use security primitives within AWS to restrict access to Upsolver based on IP addresses, access via VPN, and any other security measures they would normally use when moderating access to internal servers.
For details on specific AWS role permissions required by Upsolver, please see: https://docs.upsolver.com/Deployments/AWS/role-permissions.html
Permission Granting Process via CloudFormation
In order to make the process of adding the required permissions to the customers AWS account simple, secure and easily reviewable we take advantage of AWS CloudFormation.
When integrating Upsolver with the AWS account the user will be redirected to AWS with a generated CloudFormation template based on the permissions required to perform the actions the user selected during the integration process. During this process, the user has the ability to review the created resources (Specifically the IAM Roles and Policies) to ensure the permissions granted match expectations.
Storage on Amazon S3
As mentioned above briefly, Upsolver does not store any customer data at rest. All customer data is stored in the customer’s Cloud Storage account. No data is stored on local storage or sent anywhere else, which ensures that only authorized users can access data at rest.
Restricting Access to Customer Data
Upsolver ensures that absolutely no one can see customer data without prior permission. This includes both unauthorized third parties as well as Upsolver itself, and is done via a multi-tiered approach that provides maximal security across every interaction between the Upsolver platform and the customer data it processes:
Access to Upsolver’s UI: Upsolver’s UI shows data insights and samples. The API driving this UI is deployed into the customer’s cloud account, which enables the customer to set granular permissions preventing any unauthorized access via network ACL’s and Security Group rules.
Deployment on Private VPC
In this deployment mode upsolver will create a VPC in the customers account (using CloudFormation) and will create two additional IAM Roles in the account.
The first one is the Server Management Role. This role has no access to the customers data and is used by upsolver servers to manage the lifecycle of his compute clusters.
The second is the Data Role. This role has access to the data in the cloud storage, however, it is only assumable by servers within the customers AWS account, it can’t be used by external servers to access the data.
Integration details and required permissions can be found here: https://docs.upsolver.com/Deployments/AWS/private-vpc.html.
Deployment on Upsolver’s VPC
Unlike the Private VPC deployment mode this mode is less secure but does not require servers to be hosted on the customer's account.
In this mode a single AWS IAM Role is create which grants access to the customers data. Whenever the customer wants to access data which is currently inaccessible to this role he or she will be redirected to a CloudFormation template which will add the appropriate permissions. This keeps the role limited to exactly what the customer wants upsolver to be able to access.
Integration details and required permissions can be found here: https://docs.upsolver.com/Deployments/AWS/upsolver-vpc.html.
Physical Data Center Security
When storing data on AWS, we rely on the robust security provided by AWS, as detailed on https://aws.amazon.com/security/