Data & Network Security at Preset
Data Security Features
Secure Cloud Hosting
Preset Cloud runs on AWS with multi-tenant architecture. AWS is SOC2, ISO27001 and HIPAA compliant.
SSO with SAML
Use your existing SAML identity provider to manage team access with Preset Cloud. We use Auth0 as our identity provider and support SCIM access for a variety of enterprise identity providers.
Create flexible policies that provide fine-grained access control with Role Based Access Controls (RBAC) to everything in Preset Cloud.
Encryption for Data in Transit
We secure all data in transit with Transport Layer Security (TLS) 1.2 or higher. Only secure cipher suites are enabled and they are reevaluated on a periodic basis.
Encryption for Data at Rest
Preset encrypts all of your data and metadata at rest using an industry standard AES-256 encryption algorithm.
Preset integrates security into every step of the Software Development Life Cycle (SDLC). Using manual and automated security controls we evaluate every line of code to protect our users from vulnerabilities and exploits.
We actively monitor and remediate vulnerabilities reported from the Apache Superset community. You can report a vulnerability to email@example.com
We participate in independent 3rd-party penetration testing every 3 months.
Intrusion Detection Systems (IDS)
We protect your data with several layers of Intrusion Detection Systems (IDS) that continuously scan for threats like Malware, Ransomware and container exploits.
Full time employees and contractors participate in background checks and security training. They acknowledge our security policies and sign confidentiality agreements. All access to systems is audited on a quarterly basis.
We use MDM on all endpoints and require employees to use a VPN to access our production systems. Strong passwords are enforced, as is Multi Factor Authentication (MFA).
Continuous Compliance Monitoring
We utilize continuous compliance monitoring with Vanta to ensure that Preset Cloud is compliant with our compliance initiatives both inside and outside of the audit window.
Compliance Certifications, Standards & Regulations
Frequently Asked Questions
- Preset’s SaaS solution runs on AWS.
You can choose among four different deployment regions to have Preset deployment close to your data sources and to be compliant with local regulations. The current options include:
- US East 1 - Virginia, US
- US West 2 - Oregon, US
- Asia Pacific 1 - Tokyo, Japan
- EU North 1 - Stockholm, Sweden
If you wish for a more specific region, Preset’s Managed Private Cloud can be deployed in any AWS region outside of Mainland China.
- Preset workspaces are isolated by Role Based Access Controls (RBAC) that your organization’s admin users specify. We have a unique application key for each workspace, which is used to ensure that traffic to the workspaces is isolated.
- We have multiple layers of monitoring, including at the cloud, network, and application levels.
- Preset offers usage metrics to see which dashboards, charts, and other assets are being utilized by your team in aggregate and over time. Audit logs for all queries coming from Preset can also be added so you have granular views into which users initiated each individual query coming from your Preset workspaces.
- Preset requires access to the databases that your organization wants to analyze within our analytics platform.
- Preset uses Auth0 as our IDP. If SSO support is needed, we would need to set up SCIM.
- Preset uses RBAC to manage user access and permissions. Your organization can use row-level security to set up fine-grained permissions for data access.
- Preset supports the implementation of Security Assertion Markup Language (SAML) Single Sign On (SSO) integration, enabling companies to leverage their existing identity management system, and allowing employees to sign in to Preset using their Identity Provider account. Supported identity providers include Azure, Google, and Okta. Read more here.
- Database credentials are stored in a region-specific relational database service encrypted at rest. All traffic to the database is encrypted in transit. In the relational database service, each workspace has an associated database, which stores your organization’s database credentials and is accessed by unique credentials.
On top of our database connections that are secured with Transport Layer Security (TLS) 1.2, Preset offers the following mechanisms for securing connections to your data sources:
- SSH Tunneling
- AWS PrivateLink
- VPC Peering (Managed Private Cloud deployments only)
- The results data is stored in a cache (AWS Elasticache for Redis), where the keys are prefixed by their respective workspace for isolation. In addition, the cache data is encrypted with an AES-128 workspace-specific key. By default, the cached data is stored for 24 hours; however, users can set custom timeouts as defined here.
- You can detach any database connected to Preset Cloud and delete all datasets and queries. In addition, you can send a request to firstname.lastname@example.org for account and user deletions.
- Preset tracks many metrics including uptime, MTTR, application error rates, release bugs, and many more.
- An up-to-date list of sub-processors that Preset works with may be found here.