
Security

A Secure Environment for Development

The Iguazio MLOps Platform is designed with enterprise security, resiliency and functionality in mind. To support both an agile and secure environment, the Platform offers a centralized and integrated pane for IT security administrators to manage users and policies, allowing data scientists and engineers to work in a flexible ecosystem without worrying about security.

Enterprise-level security is an integral part of the Iguazio MLOps Platform. The most secure way to support enterprise privacy policies is to run in the customer’s account, giving them full control of security rules and policies.

The Iguazio MLOps platform is deployed on the customer’s network (on any cloud VPC or on-prem in a data center), and not as a SaaS solution. To ensure data privacy, Iguazio does not store customer data on its servers: customer data is stored in customer accounts only.

Identity and Authentication

With Iguazio, data scientists and engineers work in a secure but flexible ecosystem. The Iguazio MLOps Platform offers:

  • Security and control with credential propagation across all services in the Platform
  • Seamless integration with Active Directory
  • Integration with an identity service for authentication (such as Dex)
  • Programmatic authentication using an access key for data and control planes
  • Role-based access control (RBAC) for management operations
  • Project isolation through membership, with permissions set by each member’s role, which partitions projects and their users so that only authorized users can view and manage projects

Data Access

The Iguazio MLOps Platform offers a highly secured environment without a loss in performance. It uses a multi-layered data-authorization scheme in which each data-service operation—read, write, update, delete, and so on—is processed and examined in three layers to ensure that the environment is protected and secured. Each layer can add to the restrictions of the previous layer:

The “data” management policy:

As a preliminary step to accessing data in the platform, a user must have the Data Management Policy. This policy enables the implicit creation of data sessions, which are used for securing access to data.

Data-access policies:

Fine-grained, priority-based policies that determine whether to grant or restrict access to a specific data resource, and to what extent.

POSIX ACLs:

POSIX file-system authorization on all types of objects: objects, files, NoSQL, and streams.

Security Foundation

The Platform implements multiple mechanisms to keep your data safe:

  • Data in transit to the system is encrypted using industry-standard TLS 3
  • Data at rest encryption is supported using Linux Unified Key Setup (LUKS) with virtually no performance impact for all drive types
  • The built-in log service captures logs across all services and sends them to a log analysis tool (like Elasticsearch)
  • Built-in auditing captures user management activities
  • Support for secured Private IPs deployment
  • Support for air-gapped deployment

Ongoing Security Process

Iguazio takes a rigorous and proactive approach to platform security on an ongoing basis, to address new vulnerabilities.

  • The platform and infrastructure are monitored continuously, and third-party penetration and vulnerability tests run on an ongoing basis. Reports are shared with our customers.
  • The development lifecycle has strict security policies baked-in.
  • Our team runs proactive tests to find vulnerabilities and quickly fixes them before they can be exploited.
