Data Security at DataLab

Our Focus on Data Security

We've fostered a culture of security at DataCamp, starting right from employee onboarding, emphasizing the importance of data security and privacy. We require all employees to undergo data security training and adhere to the necessary policies to uphold our ISO certification. To ensure compliance, we leverage software vendors and consultants to monitor and test our systems against potential threats.

Security-aware architecture

Security has been and continues to be a key factor in DataLab’s architecture. Credentials and secrets are stored securely in an enterprise-grade vault, encrypted at rest and in transit. Every action that users and DataCamp employees take on the DataLab platform leaves an audit trail. DataLab only stores the results of queries you perform against databases or data warehouses, if you decide to cache these for your next visit. Rather than needing to give access to the underlying data, you can leverage DataLab to share the insights on that data instead.

Control at various levels

DataLab features a comprehensive set of controls for administrators to decide which users can take which actions within DataLab, and can access which workbooks and data assets. These controls operate on different levels:

• User level: limit who can do what, and what new users can do by default.

• Data access level: limit who can access which databases or data warehouses, and which tables within those databases and data warehouses.

• Workbook level: the creator of a workbook can decide who can view, comment on or edit the workbook alongside them. Admins can limit the sharing capabilities of other members in the organization.

Account security

DataLab supports signing in through email and password combination, trusted third party login providers that offer several means of multi-factor authentication (Google, Linkedin, Facebook), as well as single-sign on via SAML or OIDC connections.

Encrypted throughout

All data – database credentials, file uploads, notebook contents, cached query results, visualizations, etc – is encrypted:

• In transit. As data moves between the user’s browser and DataLab’s servers and between services in DataLab’s micro-architecture, DataLab employs TLS.

• At rest. DataLab uses AES 256 bit encryption to securely store data on AWS infrastructure.

Flexible infrastructure

DataLab’s primary deployment model is a multi-tenant Kubernetes cluster managed by AWS (EKS) is deployed in a multi-tenant model. Adhering to the principle of least privilege, each customer only has access to that customer’s data and resources.

DataLab optionally offers a single-tenant deployment model for customers that require resource exclusivity and/or non-US data residency. This single-tenant model is still deployed within DataLab’s AWS infrastructure and ensures that customer data is stored and processed on separate systems that are exclusive to the customer.

Data Security Policies

DataLab adheres to strict data security policies regarding access control, data use, application security, support, and incident response. For a full overview of administrative, technical, and physical safeguards, please refer to DataCamp's general security overview.