Our Commitment to Data Security at Denzing
At Denzing, security is the cornerstone of our platform, built on the world’s leading cloud providers – Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. These clouds provide us with a robust and highly secure infrastructure, allowing us to deliver our services while ensuring your data remains protected. The following outlines how Denzing integrates cloud-specific security features into our platform to maintain data confidentiality, integrity, and availability.
1. Multi-Layered Data Protection with Cloud Security
Encryption
Encryption is the primary mechanism by which Denzing ensures the confidentiality and integrity of your data. By leveraging the encryption capabilities of AWS, GCP, and Azure, Denzing ensures that all data — whether at rest or in transit — is fully protected.
-
Data in Transit: Denzing uses Transport Layer Security (TLS) 1.2 or higher to encrypt all communications between your client applications and the Denzing platform. This includes traffic flowing between Denzing and our cloud services, ensuring end-to-end encryption. Whether you're on AWS, GCP, or Azure, we leverage the cloud provider's edge security services (like AWS CloudFront, Google Cloud CDN, or Azure Front Door) to protect data as it traverses the public internet.
-
Data at Rest: Denzing employs AES-256 encryption for data stored on cloud services such as Amazon S3, Google Cloud Storage, and Azure Blob Storage. This ensures that all sensitive data, whether it’s business-critical database records or other application data, remains protected. In case of an unlikely physical breach, the data would still be encrypted and unreadable.
Data Minimization and Your Ownership
Denzing prioritizes data minimization and control, ensuring that your data is never unnecessarily copied or stored. By directly connecting to your databases hosted on AWS RDS, Google Cloud SQL, or Azure SQL Database, Denzing minimizes the data surface area exposed to potential risks.
-
Data Minimization: Denzing uses the cloud provider’s secure connections (like VPC Peering in AWS, Private Google Access in GCP, and Private Link in Azure) to connect directly to your infrastructure, ensuring we only access the minimal necessary data required for our operations.
-
Ownership and Compliance: Whether your data resides on AWS, GCP, or Azure, you retain full control over it. Denzing's architecture ensures that you maintain ownership and local control, simplifying compliance with stringent regulations like GDPR, HIPAA, and CCPA.
Secure AI and LLM Interaction with Cloud-native Privacy
When Denzing uses Large Language Models (LLMs) to query your database, we take advantage of cloud-native security features for data anonymization, encryption, and ephemeral processing.
-
Cloud Security Compliance: Denzing adheres to cloud-native best practices to ensure privacy during LLM interaction. For example, if using AWS Lambda to execute AI-driven queries, the Lambda environment ensures temporary storage of data is encrypted and discarded once the task is completed.
-
Ephemeral Data Usage: After extracting a temporary sample (only five rows), we rely on cloud services like AWS KMS, Google Cloud KMS, or Azure Key Vault to ensure any sensitive data remains encrypted and ephemeral.
2. Fortified Infrastructure Security Powered by Cloud Providers
Amazon Web Services (AWS)
Denzing’s platform takes advantage of AWS's security-rich infrastructure to secure all layers of our application and services.
-
AWS Virtual Private Cloud (VPC): Denzing operates within a logically isolated network provided by AWS VPC, where our application services and databases are hosted within private subnets. This reduces the attack surface and ensures no direct internet access to sensitive data.
-
Identity and Access Management (IAM):
- AWS IAM ensures that every user and service has least privilege access. Denzing’s internal IAM policies ensure that only authorized personnel can access critical infrastructure or customer data.
- Multi-Factor Authentication (MFA) is enforced for all users with administrative access, adding an additional layer of security.
-
AWS Shield & WAF: Denzing benefits from AWS Shield to protect against DDoS attacks and AWS WAF to block common web application vulnerabilities like SQL Injection and Cross-Site Scripting (XSS).
Google Cloud Platform (GCP)
Denzing leverages GCP’s comprehensive security tools to ensure that our platform benefits from one of the most secure cloud infrastructures available.
-
GCP Virtual Private Cloud (VPC): Denzing deploys its infrastructure within GCP’s VPC to ensure resources are isolated from the internet and can only communicate through secure, private connections.
-
IAM and Identity Solutions:
- Google Cloud IAM ensures that Denzing follows the least privilege principle by granting only the necessary permissions for each user or service.
- Google Identity Platform enables us to use secure authentication mechanisms for user and service account management, with integration for MFA and OAuth to further protect our users.
-
Cloud Armor & WAF: Denzing takes advantage of Google Cloud Armor to prevent DDoS attacks and use Google Cloud WAF to safeguard web applications from vulnerabilities, ensuring that all applications running on our platform are protected from malicious activity.
Microsoft Azure
Denzing integrates Azure’s security features to protect infrastructure, applications, and services from evolving threats.
-
Azure Virtual Network (VNet): Our infrastructure is deployed in Azure’s VNet, ensuring all resources are securely isolated and managed within a private network. Network Security Groups (NSGs) and Azure Firewall control access to and from internal resources.
-
Azure Active Directory (Azure AD): Azure AD plays a central role in managing user identities and securing access to our platform. It integrates with Role-Based Access Control (RBAC) to ensure users only access the resources necessary for their role. We also integrate MFA to add an additional layer of security to protect against unauthorized access.
-
Azure DDoS Protection & WAF: Denzing benefits from Azure DDoS Protection to safeguard our platform from large-scale attacks and Azure WAF to prevent common web exploits.
3. Application Security by Design: Leveraging Cloud-native Tools
Security is built into every stage of Denzing’s Software Development Lifecycle (SDLC). With cloud-specific tools and features, we ensure that our applications are secure by design.
-
Secure Coding Practices: Denzing’s engineering team follows secure coding best practices, with cloud-native tools like AWS CodePipeline, Google Cloud Build, and Azure DevOps to automatically scan for vulnerabilities as part of our CI/CD pipeline.
-
Vulnerability Scanning: Denzing leverages cloud-native scanning tools like AWS Inspector, Google Cloud Security Scanner, and Azure Security Center to scan for vulnerabilities across our infrastructure and applications.
-
Hardened APIs: Denzing’s APIs are designed with cloud-native security features such as rate limiting, input validation, and token-based authentication (e.g., OAuth 2.0 and JWT), ensuring that our users’ data remains secure while interacting with our services.
-
User Account Protection with MFA: We provide the option for all Denzing users to enable MFA, leveraging cloud-specific integrations with services like AWS Cognito, Google Identity, and Azure Active Directory.
4. Continuous Improvement: Cloud Security Maturity
Denzing is committed to continuously improving its security posture, and we align our security improvements with cloud-provider best practices.
-
AWS Well-Architected Framework: We regularly audit our infrastructure using the AWS Well-Architected Framework to ensure we meet the highest standards for security, reliability, and performance.
-
Google Cloud Security Best Practices: Denzing follows Google Cloud's Security Best Practices to ensure our platform is configured securely at all layers, from networking to IAM.
-
Azure Security Best Practices: We adopt Azure’s security recommendations to ensure we’re utilizing the latest tools and technologies to safeguard data and applications.
Thus, by leveraging AWS, GCP, and Azure, Denzing integrates the best-in-class cloud security practices into every layer of our infrastructure and application stack. Whether it’s through encryption, access control, or compliance with industry standards, our commitment to protecting your data remains steadfast. Each cloud provider contributes to Denzing’s robust security posture, ensuring you have the peace of mind to use our platform confidently.