Privacy and Security

We take security seriously. As we build our product, we add each layer of security and protection as soon as it’s applicable. We appreciate your help with a security-first stance. Please notify us if you find anything that concerns you.

Data Sent to VividCortex

Most of the data we send to our APIs is time-series metrics. Each metric is a host ID (assigned by our system), a metric name, a timestamp, and a numeric value. There should be virtually no concerns about the time-series metrics; they are opaque values such as the rate of queries per second, and do not reveal any sensitive data.

Additional metadata is captured to make this time-series data useful to you. For example, we capture the digested form of queries and store it so that we can show you the query in our web application. You can control the level of obfuscation of such data, or disable its capture entirely. An example digested query looks like the following, with all literals and numeric portions of database and table names replaced by question marks:

select e? as id? from env_query e?_ where e?_.env = ?

We have an extensive test suite on this functionality. There is virtually no possibility of any form of literal or other private data escaping our digest algorithm. If your table names or database names themselves contain sensitive data and you want to prevent even digested queries from being sent to our API, contact us and we will disable this feature on your entire environment.
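The digesting described above can be sketched as follows. This is an added example, not VividCortex's agent code or its actual algorithm; the function name, the regular expressions, and the fail-closed placeholder are all assumptions made for illustration, and the sample queries are constructed.

```python
import re

# Simplified rules for illustration; every name here is an assumption.
SQ = r"'(?:[^'\\]|\\.|'')*'"          # 'single-quoted', with '' and \' escapes
DQ = r'"(?:[^"\\]|\\.|"")*"'          # "double-quoted", treated as a literal
COMMENT = r"/\*.*?\*/|--[^\n]*"       # comments can carry data too
NUMBER = r"\b0x[0-9a-fA-F]+\b|\d+(?:\.\d+)?"  # hex first, then any digit run

TOKEN = re.compile(
    f"(?P<lit>{SQ}|{DQ})|(?P<comment>{COMMENT})|(?P<num>{NUMBER})", re.DOTALL)

WITHHELD = "<unparsed query withheld>"


def digest(sql: str) -> str:
    """Replace literals and digit runs with '?', drop comments, squeeze spaces."""
    # One left-to-right pass, so a quote inside a comment (or a comment
    # marker inside a string) is consumed by whichever token starts first.
    out = TOKEN.sub(lambda m: " " if m.lastgroup == "comment" else "?", sql)
    # Fail closed: a leftover quote or comment opener means something was
    # unbalanced, so part of a literal may still be present in the text.
    if "'" in out or '"' in out or "/*" in out:
        return WITHHELD
    return " ".join(out.split())


if __name__ == "__main__":
    samples = [  # constructed inputs
        "select e1 as id2 from env_query e1_ where e1_.env = 'prod'",
        "SELECT * FROM users_2023 WHERE name = 'O''Brien' "
        "AND ssn = \"123-45-6789\" -- ticket 4411",
        "select * from t where note = 'it",  # unterminated literal
    ]
    for s in samples:
        print(digest(s))
```

Because digit runs are replaced wherever they occur, numeric portions of table and alias names are scrubbed by the same rule as numeric literals, which is what produces forms such as `e?_` in the example digest.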

Raw SQL samples are also sent occasionally, on a probabilistic basis per query family. The samples include information about the individual query’s execution, such as the timestamp, origin host, and latency. We encrypt samples before storing them in our database. We support several ways to limit the sensitive information that may be sent, if desired. We can blacklist and whitelist queries by regular expressions that are matched against their SQL text, and we can override the text with an empty string to avoid sending text but still send information you can use to get a sense of the distribution and individual characteristics of queries. We can also disable sampling entirely; just ask.

Personally Identifiable Information (PII)

All scrubbing of PII (usually literals embedded within queries) takes place within the agents, so PII is never sent to our servers. Features that use PII, such as query samples and explain plans, can be disabled locally to avoid this.

Required Network Settings

See Configuring VividCortex for details.

Security Policies and Procedures

We are very careful with our servers, and everything is on a least-privilege and least-access basis.

  • All sensitive data is encrypted with industry-standard encryption algorithms before it is stored on our servers. If someone were to gain access to our database, for example via SQL injection, they would not be able to read its contents.
  • All access to and communications with our servers are secured with SSL. Unsecured access is completely disabled.
  • Our APIs aren’t fully read-write enabled; they have only the minimal necessary functionality.
  • All internal documentation, etc., is stored and transmitted with strong cryptography.
  • We have companywide policies about security, including personal devices such as backups, laptops, and phones. We use two-factor authentication on all services that support it.