Security Controls

The below controls are a sample of the controls employed at SELECT to secure our platform. For additional information, or questions about our other controls, reach out to [email protected].

Fixed IP address

We support Snowflake's network policies for customers who want to restrict inbound traffic to trusted IP address ranges. The IP address used by SELECT is 34.23.79.180.

Key-Pair Authentication

SELECT's service requires the creation of a new Snowflake user with read-only access to the Snowflake metadata database. In addition to limited access and firewall restrictions, SELECT customers can further secure this user by using key-pair authentication instead of the traditional username and password approach.
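The two controls above (the fixed IP address and key-pair authentication) can be combined on the customer side as in the following Snowflake SQL. This is an added example, not SELECT's own setup script; the object names `select_policy`, `select_role`, `select_user` and `select_wh`, the public-key placeholder, and the reading of "metadata database" as the shared `SNOWFLAKE` database are assumptions.

```sql
-- Added example. All object names are hypothetical; select_wh is assumed
-- to be an existing warehouse. Run as a role that may create users, roles
-- and network policies (for example ACCOUNTADMIN).

-- 1. Allow connections only from the fixed IP address stated on this page.
CREATE NETWORK POLICY select_policy
  ALLOWED_IP_LIST = ('34.23.79.180')
  COMMENT = 'Inbound access for the SELECT service user only';

-- 2. Read-only role. Assumption: the "metadata database" is the shared
--    SNOWFLAKE database, which consumers can query but not modify.
CREATE ROLE select_role;
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE select_role;
GRANT USAGE ON WAREHOUSE select_wh TO ROLE select_role;

-- 3. Service user with a public key and no PASSWORD property, so that
--    password login is not possible. The value is the base64 body of the
--    public key, without the PEM header and footer lines.
CREATE USER select_user
  DEFAULT_ROLE = select_role
  DEFAULT_WAREHOUSE = select_wh
  RSA_PUBLIC_KEY = '<PUBLIC_KEY_BASE64_PLACEHOLDER>';
GRANT ROLE select_role TO USER select_user;

-- 4. Attach the policy to this user only, so the account-wide network
--    policy (if any) for other users is left unchanged.
ALTER USER select_user SET NETWORK_POLICY = select_policy;

-- 5. Verify: RSA_PUBLIC_KEY_FP should show a fingerprint, and the
--    NETWORK_POLICY parameter should read SELECT_POLICY at user level.
DESCRIBE USER select_user;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN USER select_user;
```

The private key never enters Snowflake; only the public half is registered on the user, and it can be rotated without downtime through the `RSA_PUBLIC_KEY_2` property.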

Serverless Cloud Infrastructure

We do not maintain any of our own physical infrastructure and rely on Google Cloud Platform, our cloud provider, to host SELECT. We make use of serverless infrastructure wherever possible to ensure systems are automatically and regularly updated, continually monitored, and assessed for vulnerabilities. Google Cloud provides an extensive list of compliance assurances, including SOC 1/2-3, PCI, and ISO 27001.

We use software development best practices

This includes version control, declarative infrastructure, service-oriented architecture, and test-driven development. We release changes to production environments via continuous integration and continuous deployment (CI/CD).

Hosting

All of our production systems and databases are running on Google Cloud facilities, hosted in the US East regions. For full information on the measures Google has implemented to secure their facilities, visit the Google Cloud Compliance page.

Physical & environmental security

SELECT relies on Google Cloud and their robust controls to manage the physical and environmental security of our systems. Visit the Google Cloud Compliance page for more information.

Encryption at rest and in transit

All application web traffic (in transit) uses HTTPS encryption and data stored (at rest) is encrypted by Google Cloud Platform with AES-256 encryption. We make full use of Google's secret management portfolio to store sensitive data like API keys. You can learn more about their capabilities for encryption at rest and in transit.

Password Policies

For third-party software, we use Google as our SAML provider for Single Sign-On when available, and we enforce two-factor authentication whenever possible. We have defined best practices for password creation, and when SSO is not available, we mandate that employees use the 1Password password manager to generate and store secure passwords.

Access Control - Secrets and Snowflake Metadata

Client secrets are provided directly by users, who must be authenticated via our web application using a verified email. Secrets are programmatically and securely stored. Production systems are restricted so that application servers are authorized with access only when needed. Access to these production systems is restricted to our core engineering team.

Client Access Control - Production Systems

For our production systems, SELECT leverages Auth0 by Okta for client authentication to ensure secure access to our application (you can read more about Auth0's security practices here).

Internally, role-based access control is in place to protect our code base and production systems, and access is granted on a need-to-know basis, following the principle of least privilege.

Monitoring & Incident Response

We have automated monitoring and alerting for our critical systems and services. To handle and resolve issues that arise, our engineering team maintains a 24/7 on-call rotation.

Personal Account Information

We aim to minimize the amount of personal data we collect and store about our clients; however, we do collect and store information such as name, email address, and billing address in the normal course of business. You can learn more about the data we collect in our privacy policy.

Additionally, we may use tools to track usage of our product, such as analytics tools and server logs, that may receive information such as IP address or potentially email address and/or name.

When personal data is stored within our application, it is stored securely and encrypted while in transit and at rest.

Risk Assessment & Risk Management

It is important to constantly re-evaluate the risks to our business, to evaluate the effectiveness of our operations, and to constantly improve our controls.

As such, we track our IT assets and review access on a regular cadence, we update the architecture diagrams for our systems as we make large changes to them, and we re-evaluate the risks to our business on a continuous basis. When we sign contracts, we review them to make sure our policies, procedures, and controls align with the expectations of our clients.

We strive for a culture of open dialogue within the company about the latest security threats and best practices, and our leadership team is expected to stay up to date on the latest regulation and compliance considerations that are relevant to our business.

Vulnerability Disclosures

If you identify a security concern with SELECT, please contact [email protected]. We will review your disclosure, respond to you within five business days of receipt, and take the necessary steps to remediate.

Please make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of services and/or data.