Last updated: February 10, 2022.
Zilliz Cloud is designed to help you build secure, high-performing, resilient, and efficient infrastructure for your applications.
Zilliz operates in compliance with key information security standards and regulations.
Our services are independently audited and confirmed to meet privacy and compliance standards for data security and privacy via our certifications and attestations.
Each Zilliz Cloud dedicated customer receives a single-tenant vector database, which is spun up in a separate virtual network in a Zilliz Cloud managed cloud account. The customer can choose Amazon Web Services (AWS). The separate virtual networks are fully isolated to ensure that each customer’s cluster is separated from other customers. A limited number of Zilliz employees who require such access for maintenance & support are granted access to these customer clusters, as specified in the contracts between Zilliz and the customer.
All traffic between Zilliz Cloud vector database nodes, as well as client-server communication for Zilliz Cloud, is encrypted using TLS. Zilliz Cloud vector databases use TLS 1.3 digital certificates for inter-node and client-server authentication, which require a Certificate Authority (CA) as well as keys and certificates for nodes, and passwords or tokens for clients. The certificate authority is managed by Zilliz Cloud internally. TLS encryption is enabled by default for all secure clusters and needs no additional configuration.
All data at rest in Zilliz Cloud is encrypted using the cloud provider’s infrastructure-level disk encryption. In addition, Zilliz Cloud dedicated customers can bring their own managed key from the cloud provider’s key management service to further encrypt the AWS & GCP cluster data using file-based encryption.
Zilliz Cloud has a process for identifying and managing security vulnerabilities and threats. Once a security vulnerability has been detected, appropriate staff at Zilliz Cloud are assigned to immediately fix it. Version upgrades and security patching are automatically performed for our Zilliz Cloud customer databases, and customers are notified after the event. This will be followed up with a notification and updated patch on open channels such as the documentation site.
Zilliz has designed the Zilliz Cloud service with the assumption that certain controls will be the responsibility of its customers. The following is a representative list of controls that are recommended to be used to reduce risk and enhance security when using the service.
Customers are responsible for adding and managing user accounts, credentials and access rights to the cloud console and their databases.
Customers are responsible for the strength of the passwords they choose for signing into the Zilliz Cloud console or their databases.
Customers are responsible for identifying approved points of contact to coordinate with Zilliz Cloud. The Support team may reach out to the designated contact to validate requests.
Customers are responsible for validating the accuracy and completeness of data contained in their environment.
Customers are responsible for data confidentiality controls at their organizations, such as segregation of duties and (non-)disclosure of information at the customer organization.
Customers are responsible for alerting Zilliz Cloud of security incidents when they become aware of them.
Customers are responsible for implementing the network security and data protection capabilities that Zilliz Cloud provides in Zilliz dedicated when customer data includes PII, PHI, or other sensitive data.
Zilliz is SOC2 Type I certified. The certification is based on the Vanta framework and has been audited by an external firm (Insight Assurance). The scope of the program includes Information Security, Availability, and Confidentiality. Check out the trust report for more information.
If you believe you have discovered a security or privacy vulnerability in Zilliz Cloud, please contact security@zilliz.com.