Security on Saturn Cloud

Security and Privacy at Saturn Cloud

Saturn Cloud’s SOC 2 report verifies the existence of internal controls, which have been designed and implemented to meet the requirements for the security principles set forth in the Trust Services Principles and Criteria for Security. It provides a thorough review of how Saturn Cloud’s internal controls affect the security, availability, and processing integrity of the systems it uses to process users’ data. It also covers the confidentiality and privacy of the information processed by these systems. This independent validation of security controls is crucial for customers in highly regulated industries.

SOC 2 Certification

We have completed the Service Organization Control (SOC) 2 Type 1 audit, which affirms that information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.

Physical Security

We are exclusively hosted on AWS, a leader in physical data center security and controls. AWS takes care of maintenance, access monitoring, intrusion detection, environmental concerns, and asset management.

Network Security

By default, the Saturn Cloud application, Jupyter Notebooks, and other deployments created through Saturn Cloud are accessible via the public internet through an Internet Gateway. However, Saturn secures access to these resources via our own authentication proxy. This configuration can also be modified so that an instance is only accessible on an internal network, such as an Amazon Virtual Private Network (VPN).

Software Security

Saturn Cloud scans application code and containers regularly, including static analysis and container scans via Snyk. We’ve also established a set of guidelines to maintain ongoing security as we continue to improve, update, and expand our software offering.

Cloud Deployment

We offer flexible deployment options to satisfy a variety of user preferences. Users can deploy Saturn in their own AWS environment, in which case we use AWS Identity and Access Management (IAM) to install and manage the deployment. All volumes for pods are Amazon Elastic Block Store (EBS) volumes, which are encrypted using AWS Key Management Service (KMS). We also offer Saturn Hosted for users who prefer to access a Saturn instance without using their own AWS account.

Container Management

Saturn Cloud runs as a deployment inside Amazon’s Elastic Kubernetes Service (EKS). EKS is a fully managed Kubernetes service and is certified Kubernetes conformant. EKS is built to work with AWS IAM to handle permissions and security.

Data Security

For Saturn Enterprise deployments, all data stays within the user’s AWS environment in a user-defined location, such as S3, Redshift, or Snowflake. With this option, no data ever has to leave the user’s AWS account.

Backup and Disaster Recovery

The Saturn Cloud application is automatically backed up nightly. This is preconfigured for all deployments and cannot be altered.