We’re Serious About Security
We understand that your data is important to your business. Learn more about how we ensure your data is secure, protected, and available.
Multi-layered Protection
Security is paramount in everything we do, from our engineering to our business operations. Zilliz's infrastructure incorporates a multi-layered approach that safeguards both data integrity and privacy across all our services and operations.
Data Encryption
Zilliz Cloud safeguards your data with encryption and access controls.
- Encryption in Transit and at Rest — All data is encrypted end-to-end to prevent unauthorized access.
- Secure Storage — Data is stored in object storage like AWS S3 or GCS with server-side encryption and unique encryption keys for each user.
For more details, see Storing and transmitting data with encryption
Network Security
Zilliz Cloud provides secure access options to protect your data:
- Private Link Connectivity — Establish direct, private connections to your instance without exposing traffic to the public internet.
- IP Whitelisting — Restrict access to approved IP addresses, minimizing unauthorized connections.
Zilliz Cloud allows you to control access by specifying trusted IP addresses or CIDR blocks at the project level. For enhanced security, you can also configure private links across AWS, GCP, and Azure, ensuring secure communication within your VPC.
Learn more: Set up a Whitelist | Set up a Private Link.
Identity and Access Management
Zilliz Cloud utilizes advanced identity and access management features to ensure proper authorization:
- Role-Based Access Control (RBAC) – Fine-grained authorization with precise user permissions.
- Audit Logging — Detailed audit logs track all cluster access activities, including logins, queries, and modifications, ensuring access transparency.
- OAuth 2.0 SSO Support – Secure, centralized Single Sign-On (SSO) for user authentication, eliminating the need for users to manage multiple credentials.
Backup and Disaster Recovery
In the face of unexpected events, our robust <0>backup and restore</0> mechanisms ensure data integrity and continuous availability. Our systems facilitate rapid restoration and minimize potential data loss through regular automated backups and disaster recovery planning.
Comprehensive Security Incident Response
When a security vulnerability is identified in Zilliz Cloud, our specialized staff are immediately mobilized to neutralize the threat. Our security incident management includes:
- Rapid response protocols to safeguard our system security.
- Automated upgrades and patches to ensure your database maintain the highest security standards.
- Timely notifications to keep you informed about security events relevant to your data.
Compliance
Zilliz Cloud is dedicated to continually expanding our suite of security and compliance certifications to meet customer requirements. We make these reports readily available to our customers, affirming our commitment to compliance and data integrity. For access to these reports, please contact Zilliz directly.
SOC 2 Type II
Zilliz Cloud’s SOC2 Type II report is a third-party validation of our security practices, maintained consistently throughout the reporting period. This report delivers a thorough, evidence-based evaluation of our commitment to maintaining the highest security standards, giving you confidence in Zilliz Cloud’s security posture.
ISO/ICE 27001
The ISO/IEC 27001 certification is an international benchmark for Information Security Management Systems (ISMS). Zilliz Cloud's adherence to this standard demonstrates our systematic approach to managing sensitive data in alignment with global best practices. This certification provides additional assurance that your information assets are well-protected.
Privacy
Zilliz is dedicated to transparency in how we manage and process data. Learn more in our Privacy Policy.
GDPR Readiness
The General Data Protection Regulation (GDPR) sets standards for handling and protecting personal data from the European Economic Area (EEA) and ensures individuals’ data rights. Zilliz is GDPR-ready and committed to supporting our customers' compliance efforts.
HIPAA Readiness
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the protection of the privacy and security of health information. Zilliz is HIPAA-ready, enabling covered entities and their associates to use our secure cloud database to process, maintain, and store protected health information (PHI).
Reliability
Zilliz Cloud commits to 99.95% service uptime through our SLA. Read more about our system availability.
File a security report
If you believe you have discovered a security or privacy vulnerability in Zilliz Cloud, please contact security@zilliz.com