Compliance & Security
TiDB Cloud Lake is built with security at its core, providing comprehensive protection for your data through multiple security layers, encryption standards, and compliance certifications.
Security
TiDB Cloud Lake implements multiple security layers to protect your data and control access to your resources:
Access Control
TiDB Cloud Lake uses a comprehensive access control system that combines:
- Role-Based Access Control (RBAC): Manages permissions through roles assigned to users
- Discretionary Access Control (DAC): Allows resource owners to directly grant permissions
Data Protection
Masking Policy: Protects sensitive data by controlling how it's displayed to different users, helping you comply with privacy regulations while still allowing authorized access.
Network Policy: Controls which IP addresses can connect to your TiDB Cloud Lake resources, allowing you to restrict access to specific networks or locations.
Password Policy: Enforces strong passwords with customizable requirements for length, complexity, and rotation to prevent unauthorized access.
Secure Connectivity
AWS PrivateLink: Enables private connections between your VPC and TiDB Cloud Lake without exposing traffic to the public internet. Currently available on AWS only.
Encryption
TLS 1.2
We provide end-to-end encryption for all communication. All customer data flows are solely over HTTPS. Connections are encrypted using TLS 1.2 from clients through to the TiDB Cloud Lake API gateway, ensuring:
- Data confidentiality during transit
- Protection against man-in-the-middle attacks
- Secure client-server communication
Storage Encryption
TiDB Cloud Lake Enterprise supports server-side encryption in Object Storage Service (OSS). This feature enables you to enhance data security and privacy by activating server-side encryption for data stored in OSS. You can choose the encryption method that best suits your needs:
- AES-256 encryption
- Customer-managed keys (CMK)
- Hardware security module (HSM) integration options
Compliance
At TiDB Cloud Lake, we prioritize data security and privacy, and have achieved key compliances that validate our commitment to protecting your data. Our security practices are regularly audited by independent third parties to ensure we meet the highest industry standards.
SOC 2 Type II
We have successfully attained SOC 2 Type II compliance, validated by independent auditors. This certification confirms that our systems adhere to the American Institute of Certified Public Accountants (AICPA) trust service criteria for security, availability, processing integrity, confidentiality, and privacy. We continuously monitor and enhance our operational controls to maintain this standard.
GDPR
TiDB Cloud Lake adheres to the General Data Protection Regulation (GDPR), the European Union's regulation designed to protect individuals' privacy and personal data. Our compliance includes strict data privacy enforcement, robust encryption, and regular privacy audits to ensure the rights and data privacy of our users across the EU are protected.