We know that for customers, security is a critically important part of application development, database management, and IT systems in general. Organizations must take a holistic approach, and the database, while just one part, is a key element in protecting information. Couchbase has worked with customers and their data security needs for over a decade, including some of the world’s biggest companies. We therefore take security very seriously, and it continues to be a top priority for us. So we are excited to announce that our new Couchbase Capella™ offering has achieved SOC 2 compliance.
What is SOC 2?
Developed by the American Institute of Certified Public Accountants (AICPA), a SOC 2 report attests to the ability of a service organization’s internal controls to manage client data in a secure and trustworthy manner. This independent report, issued by a CPA firm, attests to the results of a comprehensive audit that focuses on system-level controls that process clients’ data. The SOC 2 looks at:
- Security – systems and data need to be protected against unauthorized access and anything that could compromise their confidentiality, integrity, availability, and privacy
- Availability – systems need to be available for use and operation
- Processing integrity – system processing must be timely, accurate, and authorized
- Confidentiality – information designated as confidential needs to have appropriate protections
- Privacy – any personal information collected must be used, retained, disclosed, and disposed of appropriately
Couchbase Capella’s specifics
Couchbase Capella was developed with a security-first mindset.
Capella enforces strong security and isolation boundaries for all database clusters deployed in the cloud via:
- Complete network and logical isolation of cloud accounts across customer deployments
- Data security via encryption at rest and in-flight
- Security built from the ground up
Security and isolation
Couchbase Capella provides complete network isolation for database clusters, and the underlying infrastructure is isolated from other users. Database resources reside within their own cloud resource containers. Each cluster is deployed within a dedicated virtual private cloud environment for complete security isolation and separation. All access to a database must be explicitly granted via an allow list. Additionally, access is administered via unified user identity and management mechanisms within the Capella control plane, which spans manual, API, and programmatic access to the database.
All data, whether in transit or at rest, is encrypted to ensure data protection, privacy, and the integrity of the underlying infrastructure. All communications and data are always encrypted using the latest security standards (TLS 1.3). Encryption and security features are enforced by default and cannot be turned off.
Secure infrastructure and development processes
All software components used within Capella, including the operating environment, are hardened and minimized, narrowing the attack surface. These components are continually scanned and certified by our Capella security team. These processes include hardening, vulnerability scanning, enforcing trusted and locked-down images, secure repositories, and implementing secure engineering practices.
In order to maintain robust security technology and practices, Couchbase Capella undergoes periodic vulnerability scanning and assessment by an independent third party for verification of our security, privacy, and compliance controls.
For more on Couchbase security, download our Database Security Best Practices whitepaper.