As you move to the cloud, it is critical to secure your systems at every layer — across the network, in applications, and at the data layer for digital compliance. Our goal with MarkLogic Data Hub Service, our cloud service, is to provide the enterprise-grade data confidentiality, integrity, and availability necessary to fortify your cloud systems and prevent cybersecurity breaches. MarkLogic has earned the trust and reputation of protecting and serving data assets for major financial services organizations, healthcare providers, and government institutions.
MarkLogic Data Hub Service provides robust security controls that are proven in mission-critical environments. Here are the ways MarkLogic approaches cloud service security:
Who is the user? How do we verify their identity? MarkLogic answers those questions by supporting various protocols to securely store and process identity information. Data Hub Service supports SSO with LDAP (Active Directory), Kerberos, SAML, or digital certificates.
What can a certain user do and see? This question of authorization, which is crucial to all aspects of data security, is handled with more granular controls than any other data platform. Data Hub Service supports Role-based Access Control (RBAC) to define granular privileges that restrict access to actions, data, and resources.
What happened, exactly? MarkLogic records every action by default to answer detailed questions about system activities along a timeline. This includes data inserts, reads, and updates, code execution, and authentication changes. Data Hub Service provides full access to system logs.
Can someone get access without credentials? Can they modify the files? Can they erase evidence of wrongdoing? MarkLogic uses advanced encryption to protect data on the wire (in transit) and on disk (at rest).
Encryption is comprehensive (data, configurations, and logs), transparent (no coding required), and fast (negligible performance impact). Data Hub Service supports client-owned encryption keys using the public cloud provider’s key management system.
MarkLogic Data Hub Service has industry-leading uptime guarantees and adheres to strict data security standards for how the service is built and tested.
MarkLogic Data Hub Service is built with demanding cloud security policies to help you meet your policy objectives. It has third-party certifications that validate functionality to ensure the security and integrity of your data, protect against breaches, and prevent unauthorized access.
The MarkLogic SOC 2 Type II report is an independent assessment of our control environment performed by a third party. It is based on the AICPA’s Trust Services Criteria and addresses the key trust principles of security, availability, confidentiality, processing integrity, and privacy.
The NIST Cybersecurity Framework (CSF) is US-issued guidance for organizations on how to improve their ability to prevent, detect, and respond to cybersecurity risks. NIST 800-53 maps to other standards (e.g., ISO 27001) and underlies other standards like HIPAA and FedRAMP.
Security framework established by the General Services Administration (GSA) in 2012 to protect data confidentiality, integrity, and availability in cloud environments.
Guidelines for complying with the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) related to processing, maintaining, storing, and sharing protected health information (PHI).
MarkLogic is HIPAA-ready.
The Defense Federal Acquisition Regulation Supplement is a set of US DoD-specific rules for procurement within the US public sector.
The General Data Protection Regulation (GDPR) went into effect in May 2018 with the goal of strengthening personal data protection in Europe.
MarkLogic complies with GDPR and helps customers comply with GDPR.
MarkLogic deployments are architected to ensure complete data privacy. No one except those you authorize ever gets access to the data you store in the MarkLogic Data Hub Service. Ever.
The MarkLogic Data Hub Service architecture uses virtual network peering to maintain separation between the customer and the service networks. Each of the service virtual networks is dedicated to a particular customer and is used solely for their data. The data is encrypted using customer-owned encryption keys and is never accessible to MarkLogic Support.