Databricks Enterprise Security

Secure your big data and ML workflows with a unified approach to data security

Talk to an expert to learn more >

Databricks Unified Analytics Platform, from the original creators of Apache SparkTM, unifies data and AI with best-in-class security capabilities on the most trusted cloud platforms to accelerate innovation while minimizing risk.

Trust

Security program built on industry best practices, managed by security experts and validated by independent 3rd parties

Technology

Security capabilities — encryption, identity management, access controls and more — built into every layer of the platform

Transparency

Detailed architecture documentation and 3rd party attestation reports so you know your data is protected and secure

Defense in Depth

Proven Protection at Every Level

Databricks employs a Defense in Depth security model to provide the most advanced protection for your data, AI and Apache Spark workflows at every layer

Physical

AWS and Azure data centers are frequently audited and comply with a comprehensive set of frameworks including ISO 27001, SOC 1, SOC 2, SOC 3, PCI DSS.

Additionally, AWS and Azure physical data centers are located in non-disclosed locations and have stringent physical access controls in place to ensure that no unauthorized access is permitted, including biometric access controls and twenty-four hour security guards and video surveillance.


Infrastructure

  • Access Control: Control over inbound and outbound traffic leveraging security groups (AWS) and network security groups (Azure).
  • Logging and Monitoring: Comprehensive logging and monitoring for security events.


Host

  • Hardening: All hosts run a current release of Ubuntu (Data Plane) or CoreOS (Control Plane). Operating systems are hardened according to industry best practices.
  • Scanning: Hosts are scanned monthly for vulnerabilities.
  • Patching and Updates: Hosts are patched periodically for security updates and critical patch fixes.


Application

  • Secure System Development Life Cycle (SDLC): Adhere to security processes and checks that are an integral part of development.
  • Security QA and Penetration Testing: Rid the platform of security defects with rigorous security and pen testing.
  • Developer Security Training: Educate developers on security principals essential for their role.
  • Threat Modeling: Assess major risks to design and implement preventative security controls.
  • End User Security: Databricks provides the following capabilities natively in the platform:
  • Single Sign-On (SSO): Authenticate users with your existing provider using SAML 2.0. Databricks supports: Okta, Google for Work, OneLogin, Ping Identity, Microsoft Windows Active Directory.
  • Role-based Access Controls: Apply access control policies leveraging Databricks Cluster AWS IAM and Microsoft Active Directory roles, notebook ACL, workspace ACL, jobs ACL, cluster ACL, and library ACL.
  • Audit Logs: Provides insight into events within your deployment.


Data

  • Data Encryption: We use the latest version of TLS and strong encryption from AWS KMS and Azure Key Vault.
  • Access Controls: Fine-grained access control to notebooks, workspaces, jobs, and clusters.
  • Databricks Access: Automated control over Databricks access to customer data.
  • Data Governance: Customer data is persisted in designated AWS and Azure regions.
  • Backups: Automated scheduled backups of metadata and systems every 24 hours.
  • Retention and Deletion: Adherence to strict data retention policies in compliance customer requirements.

Click each layer of our security model to learn more

Hover over each layer of our security model to learn more

Certified and Secure

Databricks incorporates industry best practices into our security program and employs independent CPA firms to regularly audit our program. Additionally, a number of controls have been put in place to meet the unique compliance needs of highly regulated industries.

 

Databricks certifications and compliance attestations include:

 

Read our Compliance Program primer >

The Safest Place to Run Apache Spark

Securing Apache Spark, big data and AI workflows is far more complex than traditional data management efforts. Diverse teams need the flexibility to process, analyze, and share large volumes of data. Yet, building and managing the security policies and controls to govern big data technologies can stifle teams and bottleneck innovation. Databricks’ Unified Analytics Platform provides the agility and scale businesses need to deliver on innovation while securing the enterprise.

 

Protecting Enterprise Data on Apache Spark >

Ready to get started?

TRY DATABRICKS FOR FREE