Skip to main content
Version: User Guides (Cloud)

Data Security

Data security is integral to Zilliz Cloud. This document summarizes key measures and policies that Zilliz Cloud implements to safeguard your data comprehensively.

Account and Privacy Protection

Zilliz Cloud protects user data from registration onwards by:

  • Using advanced cryptographic algorithms (SHA-256, bcrypt).

  • Adhering to strict policies against internal storage of usernames and passwords.

Data Isolation & Residency

Zilliz Cloud provides robust isolation and protection for your clusters:

  • Multiple data residency options: You can create clusters in your preferred cloud providers and regions. For details, refer to Cloud Providers & Regions.

  • Dedicated Namespaces: Each dedicated cluster operates in an isolated namespace with tailored network policies.

  • Separate Storage: Data is stored separately in dedicated object storage buckets.

  • Distinct VPC or subnet: The Control Plane (administrative tasks) and Data Plane (operational handling) reside in separate, isolated VPC or subnet.

Authentication

Zilliz Cloud utilizes OAuth0 for secure user authentication:

  • Supports Single Sign-On (SSO).

  • Supports Multi-Factor Authentication (MFA).

  • Provides cluster access through API keys and cluster credentials.

For details, refer to Authentication.

Access Control

Granular and role-based access control:

  • Hierarchical permissions (organization, project, cluster).

  • Pre-defined roles to simplify permission assignments.

  • Both intuitive operations on the console and programmatic access from your app are available.

For details, refer to Access Control.

Secure Network Access

Zilliz Cloud secures your network interactions through:

  • IP Allowlisting: Define allowed IP ranges (CIDR blocks) to restrict access.

  • Private Links: Establish secure, private connections between your VPC and Zilliz Cloud control plane.

For details, refer to Set up Whitelist and Set up a Private Endpoint.

Data Encryption

In Transit

  • HTTPS/gRPC with TLS 1.2+.

  • AES-256 encryption ensures secure data transfers.

At Rest

  • The stored data on Disk/Object Storage is encrypted using the AES-256 (256-bit Advanced Encryption Standard ) encryption algorithm

Audit Logging and Monitoring

Maintain visibility and accountability through audit logs:

  • Record activities across both control-plane and data-plane.

  • Stream logs directly to your storage solutions.

  • Leverage third-party tools for log analysis.

For details, refer to Auditing.

Data Integrity and Backup

Ensure data availability and recovery:

  • Automated and manual backup options.

  • Recycle bin functionality for data restoration (with defined retention).

For details, refer to Backup & Restore and Use Recycle Bin.

Certificates and TLS

Zilliz Cloud ensures secure connections:

  • Uses Let's Encrypt and AWS Certificate Manager for SSL certificates.

  • Auto-renews certificates 30 days before expiration (validity: 90 days).

  • Exclusively supports TLS 1.2 or higher.

📘Notes

Two-way TLS (mTLS) is currently not available.

Summary

Zilliz Cloud always places data security as its top priority. It emphasizes data security through comprehensive encryption, rigorous authentication, robust access control, private networking, and consistent auditing practices to maintain data confidentiality, integrity, and availability.