Security on Saturn Cloud
Security on Saturn Cloud
Security and Privacy at Saturn Cloud
Saturn Cloud’s SOC 2 report verifies the existence of internal controls, which have been designed and implemented to meet the requirements for the security principles set forth in the Trust Services Principles and Criteria for Security. It provides a thorough review of how Saturn Cloud’s internal controls affect the security, availability, and processing integrity of the systems it uses to process users’ data. It also provides confidentiality and privacy of the information processed by these systems. This independent validation of security controls is crucial for customers in highly regulated industries.
SOC 2 Certification
We have completed the Service Organization Control (SOC) 2 Type 1 audit, which affirms that information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.
We are exclusively hosted on AWS, a leader in physical data center security and controls. AWS takes care of maintenance, access monitoring, intrusion detection, environmental concerns, and asset management.
By default, the Saturn Cloud application, Jupyter Notebooks, and other deployments created through Saturn Cloud are accessible via the public internet through an Internet Gateway. However, Saturn secures access to these resources via our own authentication proxy. This configuration can also be modified so that an instance is only accessible on an internal network, such as an Amazon Virtual Private Network (VPN).
Saturn Cloud scans application code and containers regularly, including static analysis and container scans via Snyk. We’ve also established a set of guidelines to maintain ongoing security as we continue to improve, update, and expand our software offering.
We offer flexible deployment options to satisfy a variety of user preferences. Users can deploy Saturn in their own AWS environment, in which case we use AWS Identity and Access Management (IAM) to install and manage the deployment. All volumes for pods are Amazon Elastic Block Store (EBS) volumes, which are encrypted using AWS Key Management Service (KMS). We also offer Saturn Hosted for users who prefer to access a Saturn instance without using their own AWS account.
Saturn Cloud runs as a deployment inside Amazon’s Elastic Kubernetes Service (EKS). EKS is a fully-managed Kubernetes service and is certified Kubernetes conformant. EKS is built to work with AWS IAM to handle proper permissioning and security.
For Saturn Enterprise deployments, all data stays within the user’s AWS environment in a user-defined location, such as S3, Redshift, or Snowflake. With this option, no data ever has to leave the user’s AWS account.
Backup and Disaster Recovery
The Saturn Cloud application is automatically backed up nightly. This is preconfigured for all deployments and cannot be altered.