Security
Tecton implements industry-leading security practices in order to meet strict requirements for processing sensitive feature data.
This page provides a summary of Tecton's security and governance controls.
Network Controls
- Virtual Private Tecton accounts run in dedicated Cloud Accounts & VPCs.
- All networking traffic is within the Tecton Account, and all connections to the Tecton Account are encrypted using TLS 1.3.
- Optional Cloud Private Networking integrations, such as AWS PrivateLink.
Identity & Access
- Tecton user accounts are managed through Okta, requiring strong passwords and 2FA.
- SSO & Federated Identity integrations with most Identity Providers through SAML 2.0 and OpenID Connect.
- SCIM User Management (coming soon).
Data Governance
- Robust RBAC options for governing access to feature data, or modifying Feature Platform processing.
- Complete data lineage for feature pipelines, including a historical log of all modifications to the Feature Platform.
- Data deletion APIs enable meeting governance requirements for PII feature data, such as GDPR.
Data Encryption
- Features are stored in the Customer Cloud Account.
- Data is always encrypted in flight and at rest.
- Optional Customer Managed Keys (CMK) for data encryption at rest.
Auditing
- Comprehensive platform and feature access audit logs.
- Declarative pipeline configuration history.
Compliance & Legal
Tecton maintains industry-leading security certifications. Contact Tecton for official reports.
- SOC 2 Type II
- ISO 27001
- DPA for GDPR and more
- 3rd-party penetration tests