I would like to understand how you secure customer data and access. For example:

  • Could you provide information on how you protect customer data, including from your own employees or contractors, For example are there audit logs? Policies? Are there any option to encrypt data, including with customer key?
  • Customer access: I cannot find a 2-factor authentication option. Is this option available?
  • Additional app to faunadb access controls :
  • Can it use something more secure than tokens, such as AWS IAM?
  • Is here an option to enable IP whitelisting or any access control at the network level?
  • Have you received any security compliance certifications?
1 Like

Hi @jaohurtas and welcome!

Let me try answering your questions:

  1. Customer data can be accessed only with a key which is presented at creation. Faunadb employees do not have access to user keys. Audit logs are captured internally and we are planning to expose them to users in future. We do not support user encryption of data.
  2. 2 Factor authentication is in the release pipeline.
  3. Authorization is being improved to integrate with other vendors.
  4. We support only tokens for now.
  5. Users do not have access to enable IP Whitelisting or access control at network level of db. Something for users to enable in their application infrastructure
  6. Compliance is in the product radar but I don’t have an ETA yet.

Hope this answer your questions.


Are there any plans to support encryption of the data using customer-provided encryption keys?

Hi @joshatsophtrust and welcome!

For sure we are interested in implementing such feature, but unfortunately it is not in our Short Term Roadmap (~ 6 months).