• Teradata Cloud Security

    Your Data and Analytics are Safe with Teradata

  • Teradata Managed Cloud Security

    Cloud computing has revolutionized the way organizations around the world manage their business and data, but it has also brought a unique set of concerns, especially when it comes to security. And while some businesses are quick to embrace the scope and convenience of the cloud, others remain hesitant because of fear about data breaches and cybercrime.

    For everyone, the challenge of security remains paramount. That’s why Teradata Managed Cloud delivers across-the-board service and support for every facet of cloud security, including physical, network, data protection, monitoring, and access controls.

    How Do You Keep My Data Secure?

    So what would it mean to have a cloud security solution that encompasses the very latest in best practices? For starters, you could rest assured that vital information is protected by the strictest International Standards Organization (ISO) security standards and that security efforts are managed proactively by a skilled team of experts. Information Security Management System ISO/IEC 27001:2013 Certificate of Registration for Teradata Managed Cloud (United States); certifications for Teradata Managed Cloud (Germany) will be posted when complete.

    aicpa logoTeradata understands that any successful cloud security solution requires close collaboration between you and your cloud service provider. We know it’s critical that your organization has a program that covers everything from data governance and compliance to cloud user access.

    We also recognize the necessity of having cloud security training available for all employees or contractors who have access to the cloud. Plus, it’s equally important to establish a data breach policy and to know your cloud provider’s incident response plan. And finally, you need the ability to audit your provider on a regular basis. Teradata’s Consulting Services security team is ready to assist you in any or all of those areas.

    Superior Physical Security and Compliance

    The Teradata Managed Cloud service environment has been designed and built to meet the high security control standards set forth in ISO 27001, SOC 2, PCI, and HIPAA requirements as well as the cloud-specific best practices outlined by the Cloud Security Alliance (CSA). Read the press release on 3rd party audits for security and compliance for Teradata Managed Cloud (United States).  See Figure 1.

    cloud security chart

    When it comes to physical protection of the data center infrastructure powering Teradata Managed Cloud service, we offer comprehensive support. This includes access control systems, alarm systems, administrator logging, two-factor authentication, codes of conduct, confidentiality agreements, background checks, and monitoring of visitor access. We log and monitor all physical access to the facility to detect and prevent potential security incidents. And we regularly review access logs to pinpoint any suspected unauthorized facility access then document such events and coordinate review and investigation with Teradata Corporate Security.

    Our Uptime Institute Tier 4 Gold Colocation primary hosting facility in the United States is staffed 24 x 7 x 365 and offers complete video surveillance with best-in-class monitoring and fire safety controls. In addition to ensuring that every system component entering or exiting our data center facilities has been authorized, documented, monitored, and controlled, each Teradata Managed Cloud facility meets or exceeds applicable requirements for emergency power, emergency power shutoff, emergency lighting, fire protection, temperature and humidity controls, and water damage protection.

    Rigorous Access Control

    As part of our access protection policy we assign a risk designation to every Teradata Cloud Operations position and establish screening criteria for individuals who fill those posts. Our program screens individuals prior to authorizing access and makes sure signed agreements are in place before access is assigned. The Teradata Managed Cloud solution also enforces password complexity, stores and transmits only encrypted password representations, and sets minimum and maximum lifetime restrictions on those passwords.

    Additionally, we offer a stringent re-approval process that includes:

    • Creating, enabling, modifying, disabling, and removing Teradata Managed Cloud Directory accounts in accordance with account management procedures
    • Approving all account management actions
    • Monitoring account management operations for any unauthorized actions
    • Disabling appropriate Teradata Managed Cloud Directory accounts whenever an individual is terminated or transferred
    • Modifying role-based access whenever an individual’s system usage or need-to-know requirements change
    • Automatically disabling inactive accounts after 90 days

    Two-Tiered Security Defense Plan

    Teradata Managed Cloud includes two layers of network security defense. The first layer consists of ingress and egress filtering control lists applied to our Internet border routers; these lists have been configured as ‘deny-by-default’ and limit connectivity. Robust application firewalls make up the second layer of defense.

    Teradata also configures your site-to-site VPNs (Virtual Private Networks) to terminate on the cloud firewalls and we set ACLs (Access Control Lists) to define which traffic may be transported across your tunnel. Any traffic not matching an “approved traffic” ACL will be blocked.

    Data Security and Monitoring

    Teradata Managed Cloud service encrypts and secures your data whether it’s coming, going, or at rest. For data in transit, we support secure connections between your application and your database. Cloud systems are accessible via IPsec VPN tunnels to your data center infrastructure, which provides an additional layer of security over open-access Internet-based connectivity. For extra protection you can also choose to use MPLS (Multiprotocol Label Switching) or P2P (point-to-point) circuits to connect to Teradata Managed Cloud.

    For data at rest, we utilize self-encrypting drives on dedicated database servers. There is also an optional “Enhanced Service” for column-level encryption which allows a database administrator to encrypt and control access to rows/columns within the database.

    Intrusion Detection and Protection

    To make it easier for you to proactively detect cyber-attacks and policy violations, the security monitoring process for Teradata Managed Cloud intelligently collects and correlates all security-relevant events. Network devices such as border routers and firewalls send intrusion events to our Security Information and Event Monitoring (SIEM) system. When the SIEM detects an intrusion attempt, it responds appropriately based on the type of event detected.

    Storage Device Decommissioning

    The only storage media used in the Teradata Managed Cloud environment are hard disk drives and primary memory used in Teradata Managed Cloud devices or the storage media you supply for loading your data. These media are stored in locked cabinets within the physically-controlled data center. All media is sent to the data center via secure courier or by another delivery method that can be accurately tracked.

    As part of our decommissioning support, the Teradata Cloud Operations team performs the following actions:

    • Sanitizes all digital media prior to disposal
    • Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information
    • Shreds and destroys non-digital data prior to disposal
    • Maintains inventory logs of all media and conducts media inventories at least annually

    Don't Let Disruptions Hurt Your Business

    To help strengthen your disaster recovery and business continuity efforts, the Teradata Cloud Operations team maintains a contingency plan that identifies essential missions and business functions along with associated contingency requirements. We also provide recovery objectives, restoration priorities, and related metrics and address contingency roles and responsibilities.

    The disaster recovery and business continuity plan, which Teradata tests and reviews regularly, also shows you how to maintain vital missions and business functions despite potential information system disruption, compromise, or failure.

    Why Trust Teradata?

    Why should you trust the security parameters protecting Teradata Managed Cloud service? With a proud 35-year history of delivering industry-shaping database solutions, we understand the intricacies and importance of network security, access, management, monitoring, and control. Only Teradata brings you an unparalleled blend of technology, insight, and innovation. Our unique combination of industry knowledge, consulting expertise, analytic applications, and world-leading software offers everything you need to assess and maintain your security needs while enjoying the most effective cloud data warehouse and analytic environment available.

    Where Do I Go from Here?


    Contact Us