Published February 28, 2024

Safeguarding Hyperscale Data Analysis

Ocient's Multi-Layered Approach to Security and Compliance 

By Brenton Edwards, CISSP, Senior Security Engineer at Ocient

The stakes for protecting data and information have never been higher. Organizations delivering analysis of always-on, compute-intensive workloads consistently need to prioritize security and compliance across tools, people, and processes. When it comes to compute-intensive workloads, ensuring the confidentiality of datasets that include PII or other protected data can be particularly challenging. No matter the use case, at Ocient, we don’t compromise on data confidentiality, integrity, or availability. Simply put, security is as critical as performance.

The priority of security has been ingrained in our product-thinking and culture from the beginning. In 2016, we began our research into ways to use cutting-edge hardware and a distributed software system to supercharge performance of data analysis. Very early on in our journey, we heard loud and clear that security and compliance capabilities are foundational for all potential customers. So when we came out of stealth mode in 2022, we knew that no innovation in data warehousing and data analytics would matter unless it also offered a best-in-class solution in terms of security and compliance. Let’s explore what makes Ocient’s approach unique and learn how we work every day to keep innovating in a critical area for our customers.   

Application Security 

Multi-Layered Security Architecture 

Ocient employs a multi-layered approach to ensuring the continuous security of data. Our Compute Adjacent Storage Architecture™ (CASA) incorporates hardware-level security measures, including firewalls, intrusion detection, and robust data encryption both at rest and in motion. Notably, our proprietary Zero Copy Reliability™ capability eliminates the need for unnecessary data copies, ensuring preparedness for unexpected failures or disasters without ever compromising efficiency.

Data Resilience 

When you’re working with vast amounts of data, data loss can severely impact availability and integrity, potentially requiring time-consuming data re-loading. Ocient ensures data loss resilience by using erasure coding and data parity. Ocient environments can lose up to 2 nodes without data loss. With the environment parity width configured, loading can continue in the event of a node outage.

Secure System Development and Engineering 

We are constantly evolving and improving to support functionality and capabilities that our customers need. To ensure security and performance, we manage changes and complete software development lifecycle processes. We also perform vulnerability assessments and remediation activities regularly as part of Ocient Management Services.  

Ocient Management Services Security 

Stringent Regulatory Compliance 

We strive to meet or exceed industry standards and regulations in the US, Europe, and around the world. Adhering to global regulatory frameworks such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) is non-negotiable and a core part of what we help our customers do every day. Additionally, solutions deployed in the OcientCloud™ or managed by Ocient Management Services are certified annually to AICPA SOC 2 Type II. This SOC 2 Type II certification attests that our data security protocols have undergone third-party audits, validating the implementation of best practices and fulfillment of SLAs. 

User Access Controls 

Any data solution is only as secure as the users who have access. We understand the critical role of user access controls in ensuring data security. Ocient’s system boasts robust access controls, with system access restricted to authorized personnel exclusively. Our enforcement of strong password policies and support for multi-factor authentication further ensure that only authorized users can access the data. The Ocient system makes it easy to configure and customize access control policies based on user roles and permissions, simplifying data management and control. 

Data Protection 

Data-at-rest and data-in-transit encryption are implemented by default within our Ocient Management Services offering. Organizations that choose to run Ocient in their own environments can implement data-at-rest encryption during system deployment, with data-in-transit encryption configurable. OcientCloud is hosted in a datacenter with direct connections to major cloud service providers, to reduce public exposure during the loading process.

Disaster Recovery and Business Continuity 

Ocient acknowledges the critical importance of disaster recovery and business continuity. Our system incorporates automatic failover capabilities, allowing for a seamless switch to a standby instance within seconds if the primary instance encounters issues. Routine backup and migration procedures are integral components of our strategy, ensuring the safety and security of your data in the face of unforeseen disruptions. 

Our comprehensive security measures, commitment to industry regulations, robust user access controls, stringent data governance policies, and reliable disaster recovery plan collectively ensure that your data remains safe and secure. When you choose Ocient, you are entrusting your valuable data to capable hands, ensuring peace of mind in an age where data integrity is paramount. 

Extensive Monitoring and Support 

Customers that use Ocient Management Services will be provided with security and capacity monitoring by default. The Ocient system is equipped with built-in auditing capabilities for real-time tracking of all data access and modification activities. This proactive approach aids in identifying unauthorized access attempts, policy violations, and other security incidents. Dedicated personnel actively monitor system activity, ensuring swift responses to any security incidents. The Ocient Management Services support team actively monitors system capacity with an on-call schedule.  

Enterprise Security 

Comprehensive Enterprise Security Program 

In today’s threat landscape, managing third-party and supply chain risks is critical to enterprise security. Maintaining a comprehensive enterprise security program at Ocient is central to the security of our software and services. We understand our role in the supply chain, which extends to all parts of the organization. Internally, Ocient has implemented information security policies, an employee security awareness training program, phishing awareness and training campaigns, third-party management controls, and other internal security controls assessed in our annual SOC 2 Type II audit.

Strict Access Management 

Any access into customer production environments or customer data is strictly controlled via enterprise IAM RBAC groups, device authentication, VPN ACLs, environment boundaries, and other security measures. All end-user devices with access to production environments are hardened via a security control baseline and audited for compliance. Only specific Ocient Management Services support personnel and end-user devices have access to production environments, and Ocient employees with access are required to complete sensitive information handling training annually.

Future Compliance Goals 

Our work with security and compliance is never complete. Our programs are continuing to evolve and mature to give customers with the highest security requirements access to the significant performance and cost benefits of Ocient. We are beginning the process of obtaining FedRAMP and ISO 27001 compliance, which will broaden our reach to an even wider set of organizations and attest to our commitment to security and privacy.

Security isn’t a one-size-fits-all solution for every organization. During the sales process, Ocient works with organizations to understand their specific needs and requirements. We understand that data security is essential to attaining maximum value from hyperscale datasets and performance. We’ve prioritized security from day one and will continue to drive compliance for current and future customer success.  

Please get in touch today to learn more about our roadmap and share your security and compliance requirements.