Get started on your path to becoming a ScyllaDB NoSQL database expert.Take a Course
ScyllaDB maintains a vulnerability reporting process that provides, at ScyllaDB’s security team’s discretion, a “bug bounty” to the first person who identifies a previously unreported security issue Vulnerabilities should be reported as of June 01, 2023, only by form according to the company Bug Bounty Policy.
ScyllaDB undergoes independent third-party audits to confirm that it meets strict industry standards for security, availability, processing integrity, confidentiality, and privacy.
ScyllaDB has been certified to be compliant with the following standards:
ScyllaDB Cloud clusters run within dedicated, isolated environments, including:
Inter-cluster access is not permitted.
The data plane is fully isolated from the control plane. Customer data is limited to the ScyllaDB cluster. The control plane does not store, query, or access customer data.
ScyllaDB Cloud team access to the system is:
ScyllaDB cluster uses NVMe to store data. The data on NVMe instance storage is encrypted using an XTS-AES-256 block cipher implemented in a hardware module on the instance. The encryption keys are managed by EC2 and generated using the hardware module and are unique to each NVMe instance storage device.
ScyllaDB Cluster uses SSD to store information. Compute Engine automatically encrypts data when it is written to local SSD storage space.
The ScyllaDB Security Checklist is a list of security recommendations that should be implemented to protect your ScyllaDB cluster. These guidelines cover the following topics: