Stay secure with Teradata

Cloud data security is the number one priority when it comes to the Vantage environments Teradata provisions and maintains for customers. Teradata invests in third-party audits to demonstrate regulatory compliance with rigorous standards such as GDPR, PCI, HIPAA, ISO 27001, and SOC 1 and 2.

Teradata expert data security in the cloud

Cloud security solutions

Expert protection in the cloud

Cloud computing revolutionized the way organizations manage their data. Customers want as-a-service offerings for Vantage and at the same time there may be anxiety about entrusting intellectual property and IT infrastructure to an external provider.

Data Security is Teradata's top concern

Get serious about security

Cloud data security is the top priority

Teradata recognizes and respects customer concerns. Teradata treats data security as the number one priority for its as-a-service offerings. Industry best practices are overseen by a team of experts empowered to keep threats at bay.

Cloud Security for Vantage Delivered As-a-Service

Cloud data security for Vantage delivered as-a-service

Get the details of Teradata data security policies and regulatory compliance certifications.

Features and benefits

Data encryption
Data is encrypted in transit and at rest; additional data protection is available with proven solutions from noted security partners.

Active directory
As-a-service environments are LDAP ready, or you can use either database authentication or the Active Directory to authenticate database sessions.

Database user roles
All data stored within as-a-service systems are accessible only by individual user-IDs that are assigned to each of your designated users; the Cloud Operations team does not have access to customer data.

Audited compliance
Teradata invests in third-party audits to demonstrate regulatory compliance with rigorous security regulations such as GDPR, PCI, HIPAA, ISO 27001, FISC, and SOC 1 and 2.

Stringent access control
Teradata access protection policy mandates a risk designation for every Cloud Operations position and thorough screening criteria for all individuals filling those posts.

Two-tiered cloud security defense plan
Reinforced network security includes border router ingress and egress filtering control lists configured as ‘deny-by-default’ – and beefy application firewalls provide additional defense.

Cloud security and monitoring
The Teradata Security Information and Event Monitoring (SIEM) system collects and correlates all cloud security events, facilitating quick detection of cyber-attacks and policy violations.

Storage device decommissioning
Hard disk drives and primary memory in as-a-service infrastructure, and the physical storage media used for loading data, are stored in locked cabinets within secure data centers.

Teradata uses the process documented in NIST Special Publication 800-39, Managing Information Security Risk, as the basis for its security risk management program. The Teradata security risk management process focuses on tier 3, information systems view, as defined in the document and is organized as follows:

Risk framing
Establishing context for risk-based decisions

Risk assessment
Identifying and assessing security risks

Risk response
Addressing and mitigating identified risks

Risk monitoring
Monitoring risks and improving processes

Supply chain security policy
Teradata maintains a separate Supply Chain Security Policy reviewed annually. The Security Director reviews all cloud technology components and identifies those items being procured that are critical to maintaining security. These technology products and services are designated as Critical.

Open source security policy
Teradata maintains an Open Source Security Policy reviewed annually. All code libraries required for execution are identified and entries in the National Vulnerability Database are noted. Patches for all Critical and High-Risk items in the NVD report are documented and applied to the software.

Assets

GDPR compliance
The General Data Protection Regulation (GDPR), a regulation in European Union law on data protection and privacy, aims to give individuals control over personal data.

PCI DSS 3.2 attestation of compliance
Payment Card Industry (PCI) Data Security Standards (DSS) clarify the online credit card transaction requirements around encryption, access control, change management, application security, and risk management programs.

HIPAA audit reports
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses technical and non-technical safeguards that “covered entity” organizations must put in place to secure individuals’ electronic protected health information (e-PHI).

SOC 1 and 2 audit reports
Coalfire Controls, LLC performed a Statement on Standards for Attestation Engagements No. 16 (SSAE16 SOC 1) and AICPA Service Organization Controls 2 (SOC 2) Type 2 examination for Vantage delivered as-a-service systems.

Rise above needless bottlenecks and complexity.