Security of the highest standard
Native Security Capabilities
Manage security guardrails and operate confidently with built-in features.
Network Security
VPC Peering and PrivateLink
Secure network connectivity capabilities to avoid user-to-cluster traffic transiting the public network.
IP Allowlists
Configure specific source locations that could be used to access a cluster.
Identity and Access Management
Single Sign-On
Centralize authentication by integrating with common identity providers like Google, Okta, Active Directory, etc.
Role-Based Access Control
Set user permissions at the database or table level with fine-grained access control, down to the row and column level.
Data Protection & Privacy
Encryption at Rest
Use Customer Managed Encryption Keys to encrypt data files stored on your cluster disks and managed backups.
Encryption in Transit
Ensure data is secure in transit with TLS connections.
Data Masking
Mask or anonymize sensitive data beyond full data encryption.
Auditing and Logging
Comprehensive and configurable audit logging
Keep track of when and by whom your data is accessed for compliance purposes.
Compliance Certifications
Meet compliance standards required of many industries.
SOC Type 2
Cockroach Labs annually certifies its systems to meet AICPA SOC 2 Type II, which audits the operational and security
processes of our service and our company.
PCI DSS
CockroachDB dedicated has been certified against PCI-DSS SAQ-A requirements, which allow storage of cardholder
data. We are in the process of satisfying more stringent SAQ-D requirements.
Privacy
We're committed to being transparent about our privacy practices.
Below are links to documentation about our approach.
Data Processing Addendum (DPA) Since June 4, 2021 Cockroach Labs’ DPA relies on Standard Contractual Clauses to address Privacy Shield
invalidation on July 16, 2020