Secure Your GoodData Deployment

Security is a shared responsibility. To achieve a high degree of information security you should, among other consideration, review the points outlined in this section and establish adequate safeguards and measures.

General Security Considerations for All Deployments

To safeguard your environment, implement these security measures:

  • Establish an Identity and Access Management (IAM) system. Configure password policies and session timeout according to your corporate standards.
  • Manage technical accounts, privileged API tokens, and credential management, such as for declarative use.
  • Regularly update GoodData SDKs and frameworks to ensure the latest security baselines are being utilized.
  • Monitor GoodData release notes and service notifications for new security capabilities or security alerts.
  • Set up logging and monitoring/alerting for your solution on top of GoodData Cloud/CN, adhering to your corporate standards and security requirements.
  • If using DDoS prevention (like CloudFlare), ensure it covers the GoodData application.

Establish security features for client multitenancy, user security, and privacy:

Secure your web application:

Security Measures for GoodData Cloud Workloads

  • Limit access to your data source (dedicated credentials, read-only data access with write access for caches).
  • Secure the connection between your data warehouse and GoodData Cloud. Consider setting up AWS Private Link or use IP whitelisting, and ensure a valid TLS server certificate.

Security Measures for GoodData.CN Workloads

  • Design network security leveraging your own technologies.
  • Follow best practices for Kubernetes (k8s) deployment and apply the CIS Kubernetes Benchmark.
  • Set up security logging and monitoring, and establish your own Security Information and Event Management (SIEM).
  • Regularly upgrade your underlying infrastructure and GoodData.CN docker images to maintain the latest security baselines.
  • Run regular vulnerability scans of your network environment.