Security and Certification

Gain confidence that your data is protected and we follow a rigorous testing and evaluation program.

Security Always
at the Forefront

Security has been baked into Instaclustr’s platform and operations since Day One. We understand that you are trusting us with your valuable data, and we take that responsibility very seriously. As part of our security focus, several of our offerings are PCI-certified, and we have been SOC 2 compliant for several years. Both of these certifications require individual and regular external compliance audits.

SOC 2 Certification

The internationally recognized SOC 2 standard is a set of compliance requirements verifying the security practices of service providers and other companies who store sensitive customer data in the cloud. To achieve compliance, Instaclustr underwent an independent technical audit to assess its policies and procedures in accordance with three trusted principles: Security, Availability, and Confidentiality.

While the Security trust principle is a mandatory component of the audit, Instaclustr chose to include the optional Availability and Confidentiality principles to further demonstrate to customers our strong data security capabilities.

With this designation, Instaclustr becomes the first—and currently the only—hosted Cassandra service provider to provide a security environment audited to meet the SOC 2 standards of the American Institute of Certified Public Accountants (AICPA).
Holding SOC 2 compliance is now part of Instaclustr’s formal security program, which includes regular independent penetration testing and participation in a bug-bounty program to encourage third-party reporting of potential security issues.

PCI Certification

We offer the ability to create clusters that are PCI certified for Cassandra and Kafka on AWS. The PCI-DSS (Payment Card Industry Data Security Standard) is the payment card industry’s mandated information security standard and applies to all organizations that store, process, and/or transmit cardholder data. PCI-DSS certification requirements dictate that all system components either within the cardholder data environment or with access to it must feature specific and strict technical, physical, and operational security controls.

Our security program is designed around methodologies that include security considerations built into our platform, as well as continual review, testing, and monitoring of our environment.

With Instaclustr managed services, our customers can achieve both SOC 2 certification and HIPAA (Health Insurance Portability and Accountability Act) compliance.

Learn More About the Security Process We Follow in Our Operations Environment

Certification Framework

We follow a rigorous testing and evaluation program for selected open source technologies.

Instaclustr Certification Framework
for Open Source Software

Our certification framework program continually assesses the health of selected open source projects and tests specific versions of open source software within the project, applying a repeatable and reproducible methodology.

Learn more about our program

Enterprise-Grade and Production-Ready Certified Apache Cassandra

Be assured that specific releases of Apache Cassandra have been tested across a range of functional, performance, and integration properties. This is completed prior to any Cassandra release being added to the Instaclustr Managed Platform for deployment in production environments.

Learn more about Certified Cassandra

Gain Access to Instaclustr Certification Documentation

Download Documentation

Related Resources

Apache Cassandra Security

Tuesday 31st January 2017

Apache Cassandra security has hit the news lately with a benevolent hacker attempting to warn owners of unsecured Cassandra databases about their exposure (see https://www.bleepingcomputer.com/news/security/a-benevolent-hacker-is-warning-owners-of-unsecured-cassandra-databases/). Apache Cassandra Security At Instaclustr, we take security very seriously. We were confident that our default configurations would not allow access to this type of scan. We have used our central […]

Learn more

Achieving HIPAA Compliance Using Instaclustr on AWS

Thursday 29th June 2017

Building on our recently announced SOC 2 compliance, Instaclustr is pleased to announce the immediate availability of a white paper detailing how clients can achieve HIPAA (Health Insurance Portability and Accountability Act) compliance using Instaclustr services. HIPAA applies to health care providers engaged in certain electronic transactions, health plans, and health care clearinghouses as well […]

Learn more

Instaclustr Announces PCI-DSS Certification

Wednesday 19th February 2020

Instaclustr is very pleased to announce that we have achieved PCI-DSS certification for our Managed Apache Cassandra and Managed Apache Kafka offerings running in AWS. PCI-DSS (Payment Card Industry – Data Security Standard) is a mandated standard for many financial applications and we increasingly see the PCI-DSS controls adopted as the “gold standard” in other […]

Learn more