Progress Acquires MarkLogic! Learn More

Cloud Data Security

Image of three MarkLogic databases with a security shield

MarkLogic Data Hub Service Security Overview

MarkLogic Data Hub Service provides robust security controls that are proven in mission-critical environments. Here are the ways MarkLogic approaches cloud service security:


Who is the user? How do we verify their identity? MarkLogic answers those questions by supporting various protocols to securely store and process identity information. Data Hub Service supports SSO with LDAP (Active Directory), Kerberos, SAML, or digital certificates.

What can a certain user do and see? This question of authorization, which is crucial to all aspects of data security, is handled with more granular controls than any other data platform. Data Hub Service supports Role-based Access Control (RBAC) to define granular privileges to restrict access to actions, data, and resources.

  • Document and Element Level Security to control access to specific XML and JSON documents and the elements/properties/paths within those documents.
  • Data Redaction to mask or conceal sensitive data like PII data stored as XML elements or JSON properties for data protection and privacy. Use rule-based redaction policies for data loss prevention to confidently share data with third-parties.

What happened, exactly? MarkLogic records every action by default to answer detailed questions about system activities along a timeline. This includes data inserts, reads, and updates, code execution, and authentication changes. Data Hub Service provides full access to system logs.

Can someone get access without credentials? Can they modify the files? Can they erase evidence of wrongdoing? MarkLogic has advanced encryption to encrypt data on the wire (in transit) and on disk (encryption at rest).

Encryption is comprehensive (data, configurations, and logs), transparent (no coding required), and fast (negligible performance impact). Data Hub Service supports client-owned encryption keys using the public cloud provider’s key management system.

Data Reliability the MarkLogic Way

MarkLogic Data Hub Service has industry-leading uptime guarantees and adheres to strict data security standards for how the service is built and tested.

99.95% Availability

Here is a Summary of Some of the Security Guidelines and Processes that MarkLogic Adheres to:

  • Industry coding standards (e.g., CERT and HICPP for C++)
  • ISO standards for vulnerability management (ISO 29147 and ISO 30111)
  • Regular security reviews (threat modeling, code and cryptography reviews, bug fixes)
  • Security training (latest guidelines from Mitre, NVD, OWASP, etc.)
  • Hundreds of thousands of automated regression tests (static and dynamic)
  • Pen testing (third party, gray box)
  • Threat modeling (industry standard STRIDE framework)

Digital Compliance Made Easy

MarkLogic Data Hub Service is built with demanding cloud security policies to help you meet your policy objectives. It has third party certifications that validate functionality to ensure the security and integrity of your data, protect against breaches, and prevent unauthorized access.

SOC 2 Type II

The MarkLogic SOC 2 Type II report is an independent assessment of our control environment performed by a third party. It is based on the AICPA’s Trust Services Criteria and addresses the key trust principles of security, availability, confidentiality, processing integrity, and privacy.

Read blog post

Request Report

Attestation for compliance with US Food and Drug Administration regulations around handling electronic records.

Read blog post

Request Report

The NIST Cybersecurity Framework (CSF) is US-issued guidance for organizations on how to improve their ability to prevent, detect, and respond to cybersecurity risks. NIST 800-53 maps to other standards (e.g., ISO 27001) and underlies other standards like HIPAA and FedRamp.

Expected 2021.

Security framework established by the General Services Administration (GSA) in 2012 to protect data confidentiality, integrity, and availability in cloud environments.

Expected 2021.

Guidelines for complying with the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) related to processing, maintaining, storing, and sharing protected health information (PHI).

MarkLogic is HIPAA-ready.

The Defense Federal Acquisition Regulation Supplement is US DoD-specific rules for procurement within the US public sector.

Self-attestation with DFARS

General Data Protection Regulation (GDPR) that went into effect in May 2018 with the goal of strengthening personal data protection in Europe.

MarkLogic complies with GDPR, and helps customers comply with GDPR.

Privacy Guaranteed

MarkLogic deployments are architected to ensure complete data privacy. No one except those you authorize ever gets access to the data you store in the MarkLogic Data Hub Service. Ever.

Network Isolation

The MarkLogic Data Hub Service architecture uses virtual network peering to maintain separation between the customer and the service networks. Each of the service virtual networks is dedicated to a particular customer and is used solely for their data. The data is encrypted using customer-owned encryption keys and never accessible by MarkLogic Support.

Learn More About Data Hub Service

Sign Up for a Live Demo

See how MarkLogic simplifies complex data problems by delivering data agility.

Register Now