Jul 21, 2022
A Look Under the Surface at Polaris Security
Shall we talk about trust? When you choose a Software as a Service (SaaS) vendor, you trust that they will protect your data as if it were their own, or better. Within Imply Polaris, trust is a principal success criterion, and we have taken a security-first approach in building a simple-to-use real-time database for modern analytics applications.
Built on Apache® Druid, Polaris is delivered as a fully-managed Database-as-a-Service. We have implemented security controls and practices to protect our product and your data as our customer. In addition to our own confidence in our product, independent external third-party audit firms have attested to our security with an AICPA SOC 2 compliance certification and an attestation for HIPAA.
But what about the things you can’t see in a compliance certification? Those underlying controls are what let us build trust in a way that makes you comfortable giving us the privilege to host your data. So let’s take a closer look at our security protection layers.
Polaris is built on Amazon Web Services (AWS) public cloud infrastructure. We use AWS built-in security along with additional tuning to make Polaris a trusted and secure experience.
Within Polaris we know isolation of information is important. We have built the infrastructure hosting Polaris with strict network isolation. We use separate AWS accounts to segregate our production environment from all other non-production assets.
Using AWS functionality such as Amazon Virtual Private Clouds (VPC), we enforce the principles of least privilege, leaning forward toward zero trust. VPCs allow us to define our network topology and apply defense in depth controls for both inbound and outbound traffic, including the use of security groups (stateful inspection firewall), Network ACLs, subnets, and route tables.
Additionally, we implement strict access controls to resources and their administration. To adhere to least privilege principles we perform periodic manual reviews of access assignments and role entitlements. We go even further to reduce our exposure to unintended access by hardening operating systems and minimizing the components, libraries, and externally consumable services in use. For example, we baseline our OS builds and infrastructure against CIS Security benchmarks for hardening.
Security of Data at Rest
Storage security begins with Amazon S3, which is used for cloud object storage with industry-leading scalability, data availability, security, and performance. We use S3 for file storage, log isolation, and deep storage.
Within S3 we strictly enforce HTTPS-only connections and encrypt data using AES-256. Each object is encrypted with a unique key that is envelope-encrypted with a regularly rotated master key. All storage access is managed via AWS IAM roles bound to each customer’s specific compute resources, preventing cross-tenant access violations. To ensure the integrity of these permissions and access, we log all object access operations.
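The two S3 controls described above (HTTPS-only connections and AES-256 server-side encryption) are usually enforced with Deny statements in the bucket policy. The checker below is an added example, not Polaris’s own configuration or code: it takes two constructed bucket policies, one with only an Allow and one with the two Deny statements, and reports which control each policy enforces. The account ID, role name and bucket name are placeholders.

```python
import json

# Constructed example policies (placeholders, not Polaris's real configuration).
# The weak policy only grants access; the hardened one adds the two Deny
# statements that enforce HTTPS-only transport and AES-256 encryption on upload.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/tenant-a-compute"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/tenant-a/*"},
    ],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/tenant-a-compute"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/tenant-a/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}}},
    ],
})


def _as_list(value):
    # Policy fields such as Action may be a single string or a list.
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy_json: str) -> dict:
    """Return which of the two controls the bucket policy enforces."""
    policy = json.loads(policy_json)
    result = {"https_only": False, "sse_required": False}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {})
        actions = _as_list(stmt.get("Action", []))
        # HTTPS-only: a Deny on all S3 actions when aws:SecureTransport is false.
        if cond.get("Bool", {}).get("aws:SecureTransport") == "false" and "s3:*" in actions:
            result["https_only"] = True
        # SSE required: a Deny on PutObject unless the AES256 encryption header is sent
        # (StringNotEquals also matches when the header is absent entirely).
        sse = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if sse == "AES256" and ("s3:PutObject" in actions or "s3:*" in actions):
            result["sse_required"] = True
    return result
```

Run `check_bucket_policy` against a bucket’s actual policy document to confirm both flags come back true before trusting that the bucket rejects plaintext or unencrypted writes.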
Access and availability of metadata is vital to the efficiency and effectiveness of your experience within Polaris. We use Amazon Aurora, a global-scale relational database service built for the cloud, with full MySQL compatibility, for this metadata storage.
Within Aurora we use TLS 1.2 for all communications and encrypt data at rest using AES-256. AWS Key Management Service (KMS) provides key encryption management and scheduled key rotations. Each customer is logically isolated: we use separate users and DB schemas for each customer’s data storage. Monitoring is in place for this key information repository, and any unauthorized access attempt is blocked and logged.
Hosting and securing the data you trust with us is very important, but we also want to make sure that your information is available to you in case of an outage or unforeseen disaster event. Our S3 configuration is designed so that all files are versioned and can be restored after accidental or intentional deletion for 30 days. Full S3 buckets are backed up every few hours into a different geographical region. For this cross-region full backup we use Amazon S3 Glacier, which provides a secure and durable Amazon S3 storage class for data archiving and long-term backup. These backups are maintained for 30 days. With our model for S3 storage and backup, data can be restored within minutes for an accidental object-level deletion, and within 24 hours for a catastrophic bucket deletion or regional outage.
Within Aurora we distribute the database servers across multiple availability zones for fast failover during a zone outage. Backups of the metadata store are taken nightly, and the database can be restored from any previous nightly snapshot.
Your data will always be protected and recoverable while using Polaris.
As previously mentioned under security of data at rest, access logs for storage resources are monitored and maintained by the Imply teams. Under the surface we have built logging so that actions are recorded as they happen, and if an investigation warrants it, events can be traced back to their initiating source. Whether it’s logs of TCP traffic on VPC network interfaces, HTTP requests through the API gateway, or storage access logs, we have it covered.
Security is designed into the core of Polaris. We have implemented tools and processes to discover and analyze vulnerabilities. We balance this discovery with evaluation of potential exploits to help determine the best mitigation techniques. Polaris uses the same prominent end-to-end cloud protection trusted by global innovators like VMware, Snowflake, Drift, and Nextdoor. The visibility and automated insights our tools provide put continuous configuration, vulnerability, and threat information at our fingertips.
Cloud security posture and compliance checks are run nightly to identify any configuration best-practice violations in our environment. If a violation is identified, an alert is sent to the Imply security team. Workload security functions provide process-aware threat and intrusion detection for our cloud environment. This security toolset processes AWS CloudTrail logs and host-based agent scan data to build a baseline of normal behavior, updated hourly.
The log processing and baselining mean we can use machine learning techniques to compare each hour to the previous one to trigger in-context alerts for anomalous behavior. We receive alerts on anomalous activity in the context of applications, files (FIM), machines, networks, processes, and users.
The details of the information correlated into events allow us to drill down deeply into an alert. For example, if an engineer accesses AWS via a VPN connection originating in Tampa, FL and that same engineer always logs into AWS via a VPN connection with an origin IP in San Francisco, an alert is triggered. Or if a new K8s namespace is launched from a monitored K8s cluster, then an alert is logged and reviewed by Imply’s security teams.
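The hourly baselining described above, and the Tampa-versus-San Francisco sign-in example, amount to comparing the latest hour of activity against what each user has done before. The code below is an added illustration and is not Imply’s tooling: it runs that comparison over a handful of constructed CloudTrail-style console sign-in records (users, IPs and cities are all made up) and returns an alert for any user who signs in from a city absent from their baseline, plus a separate alert for a user with no history at all.

```python
from datetime import datetime, timedelta

# Constructed sign-in records (not real Polaris logs). Each one mimics the
# fields of an AWS CloudTrail ConsoleLogin event that matter for this check.
EVENTS = [
    {"time": "2022-07-20T09:05:00Z", "user": "alice", "ip": "203.0.113.10", "city": "San Francisco"},
    {"time": "2022-07-20T10:12:00Z", "user": "alice", "ip": "203.0.113.10", "city": "San Francisco"},
    {"time": "2022-07-20T11:40:00Z", "user": "alice", "ip": "203.0.113.11", "city": "San Francisco"},
    {"time": "2022-07-20T12:07:00Z", "user": "alice", "ip": "198.51.100.7", "city": "Tampa"},
    {"time": "2022-07-20T12:30:00Z", "user": "bob", "ip": "192.0.2.5", "city": "Austin"},
]


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def build_baseline(events, before: datetime) -> set:
    """Return the set of (user, city) pairs observed strictly before `before`."""
    return {(e["user"], e["city"]) for e in events if _parse(e["time"]) < before}


def detect_anomalies(events, window_end: str, window_hours: int = 1) -> list:
    """Compare the last `window_hours` of sign-ins against everything earlier.

    Alerts are raised when a known user appears from a city not in their
    baseline, or when a user with no prior history signs in at all.
    """
    end = _parse(window_end)
    start = end - timedelta(hours=window_hours)
    baseline = build_baseline(events, start)
    known_users = {user for user, _ in baseline}
    alerts = []
    for e in sorted(events, key=lambda e: e["time"]):
        t = _parse(e["time"])
        if not (start <= t < end):
            continue
        alert = {"user": e["user"], "city": e["city"], "ip": e["ip"]}
        if e["user"] not in known_users:
            alert["reason"] = "first sign-in ever seen for this user"
            alerts.append(alert)
        elif (e["user"], e["city"]) not in baseline:
            alert["reason"] = "sign-in from a city not in this user's baseline"
            alerts.append(alert)
    return alerts
```

In practice the baseline would be persisted and refreshed each hour rather than rebuilt from the full event list, and the city field would come from a geolocation lookup on the source IP.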
In addition to anomaly detection, we use container security functions to scan, identify, and report vulnerabilities found in the software packages stored in our container registry. We identify and take action on software vulnerabilities in our container registry and manage that risk proactively to remediate vulnerabilities before they are deployed. In addition, we automatically correlate assessed images to active containers in Polaris, providing continuous visibility into our software vulnerability risks. For context, if an image were using a vulnerable version of Log4j, we could quickly patch the container image while simultaneously identifying and remediating all active instances running the vulnerable component, greatly reducing our time to respond to such vulnerabilities.
Detecting and analyzing vulnerabilities is only one side of the coin. We also test for potential exploits, allowing us to stay ahead of lurking threat actors. We conduct periodic third-party penetration tests. With other security tools we combine state-of-the-art web application scanning technology with security consultant penetration testing to achieve accurate and reliable dynamic security testing for Polaris. This robust solution scans for changes in the security of Polaris and validates mitigations via quarterly manual penetration tests. These penetration tests simulate a cyber attack against Polaris to check for exploitable vulnerabilities and drive our real-world remediation efforts.
Even with all of this testing, there will be times when we have to respond to real-world events or zero-day vulnerabilities. Our tools monitor, detect, and alert, so our teams around the globe can respond at a moment’s notice when the call to action arises. We keep our global teams ready with well-trained, defined, and exercised incident response processes. Exercises are conducted often, so when a real-world event happens and the pressure is high, we can respond instead of react. That’s why we were able to remediate all of our deployed infrastructure’s exposure to the fairly recent Log4j zero-day vulnerabilities (Log4Shell) within 24 hours, while other prominent SaaS companies took multiple days.
Security is constantly adapting. Imply’s team will always be vigilant and continue to tirelessly enhance the security we provide, because the threat will never stop evolving. You trust us with your important data, and we protect it as our top priority, because our integrity depends upon the security of your data and trust!