Securing Airbyte Cloud

Airbyte Cloud leverages the security features of leading cloud providers and sets least-privilege access policies to ensure data security.

Physical infrastructure

Airbyte Cloud is currently deployed on GCP with all servers located in the United States. We use isolated pods to ensure your data is kept separate from other customers’ data.

Only certain Airbyte staff can access Airbyte infrastructure and technical logs for deployments, upgrades, configuration changes, and troubleshooting.

Network security

Depending on your data residency location, you may need to allowlist IP addresses to enable access to Airbyte.

Credential management

Most Airbyte Cloud connectors require keys, secrets, or passwords so that they can sync continually without prompting for credentials on every refresh. Airbyte Cloud fetches credentials using HTTPS and stores them in Google Cloud’s Secret Manager. When persisting connector configurations to disk or the database, we store a version of the configuration that points to the secret in Google Secret Manager instead of the secret itself, which limits the parts of the system that interact with secrets.
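The reference-instead-of-secret pattern described above, as an added Python sketch that is not Airbyte's own code. The in-memory store stands in for a real secret manager, and the field names in SECRET_KEYS, the "_secret_ref" marker and the reference naming scheme are assumptions made for illustration.

```python
import uuid

class InMemorySecretStore:
    """Constructed stand-in for an external secret manager (not a real client)."""
    def __init__(self):
        self._secrets = {}

    def put(self, value):
        ref = f"secret_{uuid.uuid4().hex}_v1"  # hypothetical naming scheme
        self._secrets[ref] = value
        return ref

    def get(self, ref):
        return self._secrets[ref]

# Assumed set of field names that the connector treats as secret.
SECRET_KEYS = {"password", "api_key", "private_key"}

def split_secrets(config, store):
    """Return a copy that is safe to persist: secrets become {"_secret_ref": id}."""
    if isinstance(config, dict):
        out = {}
        for key, value in config.items():
            if key in SECRET_KEYS and isinstance(value, str):
                out[key] = {"_secret_ref": store.put(value)}
            else:
                out[key] = split_secrets(value, store)  # recurse into nested objects
        return out
    if isinstance(config, list):
        return [split_secrets(item, store) for item in config]
    return config

def hydrate(config, store):
    """Resolve references only at the point where the connector needs them."""
    if isinstance(config, dict):
        if set(config) == {"_secret_ref"}:
            return store.get(config["_secret_ref"])
        return {key: hydrate(value, store) for key, value in config.items()}
    if isinstance(config, list):
        return [hydrate(item, store) for item in config]
    return config

# Constructed sample connector configuration (all values are made up).
SAMPLE = {
    "host": "db.example.internal",
    "username": "sync_user",
    "password": "constructed-password-123",
    "tunnel": {"method": "ssh", "private_key": "constructed-key-material"},
}
```

Only the output of split_secrets would be written to disk or the database; a leak of that record exposes reference names, not credentials.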

Encryption

Airbyte Cloud only transfers data from source to destination and purges the data after the transfer is finished, so data is encrypted in transit with TLS and no at-rest encryption is required for it. Airbyte Cloud does store customer metadata, which it encrypts using GCP’s encryption service with 256-bit AES encryption keys.

All Airbyte Cloud connectors (APIs, files, databases) pull data through encrypted channels (SSL, SSH tunnel, HTTPS), and the data transfer between our clients' infrastructure and Airbyte infrastructure is fully encrypted.

Authentication

Airbyte Cloud allows you to log in to the platform using your email and password, Google account, or GitHub account.

Access Control

Airbyte Cloud supports user management but doesn’t support role-based access control (RBAC) yet.

Compliance

Our compliance efforts for Airbyte Cloud include:

  • SOC 2 Type II assessment: An independent third party completed a SOC 2 Type II assessment and found effective operational controls in place. Independent third-party audits will continue at a regular cadence, and the most recent report is available upon request.
  • ISO 27001 certification: We received our ISO 27001 certification in November 2022. A copy of the certificate is available upon request.
  • Assessments and penetration tests: We use tools provided by the cloud platforms as well as third-party assessments and penetration tests.

Securing your data

Airbyte connectors operate as the data pipes moving data from point A to point B: extracting data from data sources (APIs, files, databases) and loading it into destination platforms (warehouses, data lakes), with optional transformation performed at the data destination. As soon as data is transferred from the source to the destination, it is purged from an Airbyte deployment.

An Airbyte deployment stores the following data:

Technical Logs

Technical logs are stored for troubleshooting purposes and may contain sensitive data based on the connection’s state data. If your connection is set to an Incremental sync mode, you choose which column is the cursor for the connection, and the cursor value is kept in the connection’s state. While we strongly recommend a timestamp like an updated_at column, you can choose any column you want to be the cursor.

Configuration Metadata

Airbyte retains configuration details and data points such as table and column names for each integration.

Sensitive Data

As Airbyte is not aware of the data being transferred, users are required to follow the Terms of Services and are ultimately responsible for ensuring their data transfer is compliant with their jurisdiction.

For more information, see Airbyte’s Privacy Policy.

 

 
