Join us May 20-21 for MarkLogic World 2020 in Chicago

Cloud Data Security

Image of three MarkLogic databases with a security shield

As you move to the cloud, it is critical to secure your systems at every layer — across the network, in applications, and at the data layer for digital compliance. Our goal with MarkLogic Data Hub Service, our cloud service, is to provide enterprise-grade data confidentiality, integrity, and availability necessary to fortify your cloud systems and prevent cybersecurity breaches. MarkLogic has earned the trust and reputation of protecting and serving data assets for major financial services organizations, healthcare providers, and government institutions.

MarkLogic Data Hub Service Security Overview

MarkLogic Data Hub Service provides robust security controls that are proven in mission-critical environments. Here are the ways MarkLogic approaches cloud service security:

Who is the user? How do we verify their identity? MarkLogic answers those questions by supporting various protocols to securely store and process identity information. Data Hub Service supports SSO with LDAP (Active Directory), Kerberos, SAML, or digital certificates.

What can a certain user do and see? This question of authorization, which is crucial to all aspects of data security, is handled with more granular controls than any other data platform. Data Hub Service supports Role-based Access Control (RBAC) to define granular privileges to restrict access to actions, data, and resources.

  • Document and Element Level Security to control access to specific XML and JSON documents and the elements/properties/paths within those documents.
  • Data Redaction to mask or conceal sensitive data like PII data stored as XML elements or JSON properties for data protection and privacy. Use rule-based redaction policies for data loss prevention to confidently share data with third-parties.

What happened, exactly? MarkLogic records every action by default to answer detailed questions about system activities along a timeline. This includes data inserts, reads, and updates, code execution, and authentication changes. Data Hub Service provides full access to system logs.

Can someone get access without credentials? Can they modify the files? Can they erase evidence of wrongdoing? MarkLogic has advanced encryption to encrypt data on the wire (in transit) and on disk (encryption at rest).

Encryption is comprehensive (data, configurations, and logs), transparent (no coding required), and fast (negligible performance impact). Data Hub Service supports client-owned encryption keys using the public cloud provider’s key management system.

Data Reliability the MarkLogic Way

MarkLogic Data Hub Service has industry-leading uptime guarantees and adheres to strict data security standards for how the service is built and tested.

99.95% Availability


Here is a Summary of Some of the Security Guidelines and Processes that MarkLogic Adheres to:

  • Industry coding standards (e.g., CERT and HICPP for C++)
  • ISO standards for vulnerability management (ISO 29147 and ISO 30111)
  • Regular security reviews (threat modeling, code and cryptography reviews, bug fixes)
  • Security training (latest guidelines from Mitre, NVD, OWASP, etc.)
  • Hundreds of thousands of automated regression tests (static and dynamic)
  • Pen testing (third party, gray box)
  • Threat modeling (industry standard STRIDE framework)

For additional information, read our reliability and uptime SLA FAQs.

Digital Compliance Made Easy

MarkLogic Data Hub Service is built with demanding cloud security policies to help you meet your policy objectives. It has third party certifications that validate functionality to ensure the security and integrity of your data, protect against breaches, and prevent unauthorized access.

SOC 2 Type II logo

The MarkLogic SOC 2 Type II report is an independent assessment of our control environment performed by a third party. It is based on the AICPA’s Trust Services Criteria and addresses the key trust principles of security, availability, confidentiality, processing integrity, and privacy.

Read blog post

Request Report

FDA Title 21 CFR Pt 11 Logo

Attestation for compliance with US Food and Drug Administration regulations around handling electronic records.

Read blog post

Request Report

NIST logo

The NIST Cybersecurity Framework (CSF) is US-issued guidance for organizations on how to improve their ability to prevent, detect, and respond to cybersecurity risks. NIST 800-53 maps to other standards (e.g., ISO 27001) and underlies other standards like HIPAA and FedRamp.

Expected 2020.

FedRamp logo

Security framework established by the General Services Administration (GSA) in 2012 to protect data confidentiality, integrity, and availability in cloud environments.

Expected 2020.

HIPAA logo

Guidelines for complying with the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) related to processing, maintaining, storing, and sharing protected health information (PHI).

MarkLogic is HIPAA-ready.

DFARS Logo

The Defense Federal Acquisition Regulation Supplement is US DoD-specific rules for procurement within the US public sector.

Self-attestation with DFARS

GDPR Logo

General Data Protection Regulation (GDPR) that went into effect in May 2018 with the goal of strengthening personal data protection in Europe.

MarkLogic complies with GDPR, and helps customers comply with GDPR.

Privacy Guaranteed

MarkLogic deployments are architected to ensure complete data privacy. No one except those you authorize ever gets access to the data you store in the MarkLogic Data Hub Service. Ever.

Network Isolation

The MarkLogic Data Hub Service architecture uses virtual network peering to maintain separation between the customer and the service networks. Each of the service virtual networks is dedicated to a particular customer and is used solely for their data. The data is encrypted using customer-owned encryption keys and never accessible by MarkLogic Support.

Learn More About Data Hub Service

Resources

Documentation

Data Hub Service Security

MarkLogic University

Free Self-Paced Course

Presentation

Security Overview

Sign Up for Our Live Demo

See how MarkLogic integrates data faster, reduces costs, and enables secure data sharing.

Register Now

This website uses cookies.

By continuing to use this website you are giving consent to cookies being used in accordance with the MarkLogic Privacy Statement.