The Data X-Ray is deployed in both a cloud and is also available on premise (or in a private cloud) for a custom setup for larger customers with strict security requirements. This article will only discuss our cloud deployment.

Commitment to Security

Ohalo is committed to security. This ethos extends throughout everything that we do. The Data X-Ray Cloud offering security model has several features to ensure that our client data is not compromised.

  1. End to end encryption: all data that flows into our servers is encrypted end to end with modern encryption technology. Encryption is maintained in transit and at rest.
  2.  No data retention on Ohalo servers: Ohalo never retains your data on our servers. So even if our servers were somehow compromised, none of our customers' data would be present to breach. Data is simply streamed into our servers, analyzed, and deleted with only the necessary metadata to show our customers relevant results saved on our servers.
  3. Encrypted and rotated keys: all keys at Ohalo are encrypted and rotated on a regular basis. Ohalo works on a principle of least privilege so only our staff that need access to a system have access to that system.
  4. Built on Amazon's secure platform: Ohalo's production systems where customer data might flow is only on AWS, who maintains SOC 1/2-3, PCI-DSS, ISO27001, and other certifications that ensure security. Click here to learn more about AWS security.
  5. Two factor authentication: You can require the users of the Data X-Ray to log in through your GSuite accounts and inherit the security of single sign on (SSO) with 2FA from GSuite OAuth.

Connecting to Your Datasources

The Data X-Ray needs access to your datasources in order to scan them. For cloud datasources like Google Drive and Box, Data X-Ray connects directly through OAuth. For other types of databases that you might have, the Data X-Ray connects through a secure connection from our VPC to our client VPC as below.

VPC datasources require some set up (under 30 minutes usually) from both Ohalo and the client.

If you have any questions or concerns about Ohalo's security practices, please feel free to contact us at any time at [email protected] or +44 20 8133 7236 / +1 415 800 2913 (Monday-Friday, 8:00-17:30 London time).

Did this answer your question?