The security of your data is very important to us, and we designed Segmind with multiple layers of protection across a distributed, reliable infrastructure.
For the Enterprise plan, we deploy Segmind in your cloud and provide the same cluster management tools backing our own internal infrastructure. This means you can keep your data in your own S3 buckets, perform runs on your own machines, and deploy models within your own cloud infrastructure.
The data engineer doesn’t need to worry about many of the details — simply write the code and Segmind runs it. A key benefit of the hybrid PaaS model is that the vast majority of your actual data remains in systems under your control, such as your AWS account. While certain data, such as your notebooks, configurations, K8s logs, and user information, is present within the control plane, that information is encrypted at rest within the control plane, and communication to and from the control plane is encrypted in transit.
We create a dedicated VPC to provide complete network isolation between clients. This helps us secure and monitor connections, screen traffic, and restrict instance access inside your virtual network. All data stored with Segmind is encrypted at rest. The keys are managed and rotated automatically by our Cloud Service Provider.
All files are encrypted at rest, whether they are files you create or anything you upload. The keys are managed and rotated automatically by the Cloud Provider.
For sensitive information (such as database integrations or environment variables), we apply a layer of industry-standard AES-256 encryption before storing it in our database. Decryption keys are stored separately.
All data transmitted between Segmind and our users is protected using Transport Layer Security (TLS), and our Strict-Transport-Security (HSTS) settings ensure that your browser will never send an unencrypted request to us.
All data is stored in tier 1 data centers with the highest level of compliance, including HIPAA.
We support only trusted SSO providers and do not support email/password-based authentication. All SSOs support multi-factor authentication (MFA) and have a high level of security.
Segmind's access to your environment includes a cross-account IAM role. The cross-account IAM role allows the Segmind control plane to configure resources in your environment using the AWS APIs. It does not grant access to your data sets.
We follow the principle of least privilege in how we design our cloud infrastructure and how we access it. We use Google account authentication with two-factor authentication enforced for all access to production systems.
Changes to source code destined for production systems are subject to code reviews by qualified engineering peers. We adhere to a secure development lifecycle and review the security implications of every change. Prior to updating production services, the contributors to the updated software version are required to verify that their changes are working as intended in the staging environment.
If you spot a vulnerability in our application (*.segmind.com), we’d love to know about it.