Database Integration Security Considerations
Before connecting your database to Transcend, there are a handful of security considerations you should review.
The best security practice for production databases is to avoid granting direct access to the database. For this reason, a web application or a bastion host is often placed as a layer between the database and anything that queries it. In order to do this with Transcend, we recommend self-hosting a security module we call Sombra. Sombra is a stateless gateway that can be deployed at the edge of your VPC. Instead of Transcend querying your database directly, Transcend queries Sombra, which in turn queries your database.
If you are not self-hosting Sombra, you can still connect a database integration; however, you will need to expose your database directly to the internet. See the following section on restricting database access by IP address.
Using network settings, Sombra can be restricted to the IP ranges of Transcend's backend, and you then grant the Sombra gateway network-level access to query your database. This allows you to keep your database within a private subnet and avoid direct access.
Transcend end-to-end encrypts database credentials and all sensitive information used to connect to your databases. This ensures that our core backend servers never see your plaintext keys—you (the admin) and Sombra (the system connecting to your DB) are the only two parties that can access the credentials, and you can self-host Sombra.
Sombra manages access keys to your systems and has a KMS (key management system) built in. Optionally, you can delegate key management to another KMS (like AWS KMS) to manage keys on hardware security modules.
Your use cases and the Transcend products you use will inform which permissions you choose to grant to the Transcend user used in your database connection.
If you are inventorying your data with our Data Inventory product, you will need to grant the user access to read the schema at a minimum. Granting access to read the data will allow Transcend to sample the tables, which will enhance Structured Discovery.
If you are fulfilling data access requests with our DSR Automation product, you will need to grant read access to the tables you want to query. If you are fulfilling data erasure requests or opt-outs, the Transcend user will need write access to your tables.
Transcend can execute pre-approved SQL queries, inserting a user's identifiers as parameters. You (the admin) can approve these SQL queries if you can log in to Transcend with a third-party SSO provider. These statements are cryptographically signed by you and verified by Sombra. This prevents Transcend from being able to query the database with arbitrary queries, or tamper with the statements you've approved. Only queries approved in the Manage Datapoints view can be executed.
It is generally recommended to run deterministic SQL queries that map to a unique user by a field such as email, phone number or a user ID.
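As an added illustration of the approve-then-verify flow described above (this is example code, not Transcend's or Sombra's implementation), the admin signs each statement template, the gateway refuses any statement whose signature does not verify, and the user's identifier is only ever bound as a query parameter. The approval key, table and statement names are constructed for the example; Sombra's real signature scheme is not described on this page.

```python
import hashlib, hmac, json, sqlite3

# Constructed key shared by admin and gateway for this illustration. Assumption: a real
# deployment uses an asymmetric signature so the verifier cannot forge approvals itself.
ADMIN_KEY = b"constructed-admin-approval-key"

def sign_approval(key, name, sql):
    """Admin side: sign the statement name together with its exact SQL text."""
    msg = json.dumps({"name": name, "sql": sql}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def approve(key, name, sql):
    return {"name": name, "sql": sql, "sig": sign_approval(key, name, sql)}

# The approved list as published by the admin; identifiers are '?' placeholders only.
APPROVALS = {a["name"]: a for a in [
    approve(ADMIN_KEY, "access_orders", "SELECT id, total FROM orders WHERE email = ?"),
    approve(ADMIN_KEY, "erase_orders", "DELETE FROM orders WHERE email = ?"),
]}

def gateway_execute(conn, approvals, key, name, params):
    """Gateway side: verify the approval, then bind identifiers as parameters only."""
    a = approvals.get(name)
    if a is None:
        raise PermissionError(f"no approved statement named {name!r}")
    expected = sign_approval(key, a["name"], a["sql"])
    if not hmac.compare_digest(expected, a["sig"]):
        raise PermissionError("approval signature does not verify; statement rejected")
    cur = conn.execute(a["sql"], params)  # the template is never string-formatted
    conn.commit()
    return cur.fetchall() if cur.description else cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, email TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "alice@example.com", 10.0), (2, "bob@example.com", 25.5)])
    rows = gateway_execute(conn, APPROVALS, ADMIN_KEY, "access_orders", ("alice@example.com",))
    # An injection-shaped identifier is bound as a literal value, so it matches no row.
    none = gateway_execute(conn, APPROVALS, ADMIN_KEY, "access_orders", ("' OR 1=1 --",))
    erased = gateway_execute(conn, APPROVALS, ADMIN_KEY, "erase_orders", ("bob@example.com",))
    # A statement edited after approval no longer verifies and is refused before execution.
    tampered = dict(APPROVALS)
    tampered["access_orders"] = dict(APPROVALS["access_orders"], sql="SELECT * FROM orders")
    try:
        gateway_execute(conn, tampered, ADMIN_KEY, "access_orders", ())
        rejected = False
    except PermissionError:
        rejected = True
    return rows, none, erased, rejected
```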