Infrastructure and Application Security

Infrastructure Security

Access Controls
All ingress ports, whether on internal or external interfaces, are protected by security groups, which are automatically configured by Paxata’s system configuration tool. The customer/public-facing ingress ports are TCP 80 and TCP 443.

Paxata utilizes jump hosts for SSH access to production infrastructure, and all production admins are access-controlled using multi-factor authentication.

The production accounts use strict IAM roles and only key employees with a verified business need receive administrative access.

Assessments
We do not allow any customer-requested security scanning agents to be installed in our production SaaS environment. Paxata leverages an on-demand cloud computing platform to perform vulnerability scans against the environment. Penetration testing of Paxata is executed by a qualified third-party assessor and the results are integrated into the development workflow based on priority. Upon request, we can schedule vulnerability scans of our SaaS offering and coordinate the request with our cloud computing platform service.

Data Protection
Paxata utilizes TLS and HTTPS to encrypt the data when in transit. Paxata stores the data in an encrypted format when it is at rest to prevent access by unauthorized parties.


Application Security

Password Policies
Native Paxata accounts (defined as accounts that are not using LDAP or SAML) adhere to the following password requirements: the password must be at least 8 characters long and contain at least one number, one lowercase letter, one uppercase letter and one special character (!@#$%^&*+=).

Paxata does not enforce account lockout policies or have any account lockout policy management capabilities for Native accounts.

For SAML authentication, the account policies and password requirements configured with the customer's SAML Identity Provider are enforced.

Production service accounts cannot be used for logins by any admin or user. The account is used strictly to start up and run the Paxata application. The account does not have any access to customer data or permissions within Paxata.

Security Updates
Operating System security patches are applied to our Production SaaS environment after a security threat assessment/review. Careful testing is performed prior to applying any security updates so as to not compromise the integrity of our application/services. Application security updates to our SaaS offering are applied as soon as a fix is available.