At the core of MariaDB is our ability to deliver a secure and scalable service that protects the confidentiality, integrity and availability of our customers’ data.
Security is included at all levels of our technology and operations. Our commitment is to invest in the technology, people and processes that ensure our offerings are safe, secure and private.
MariaDB utilizes an end-to-end security strategy that enables us to deliver a world-class service while protecting customer data. Below are some of the major controls we leverage to secure our cloud service infrastructure:
MariaDB teams must go through an IDENT proxy and jump server requiring multi-factor authentication (MFA) in order to perform maintenance and support operations on behalf of customers.
MariaDB employees do not interact directly with customer database infrastructure, but rather through proxy and jump servers – controls which log every keystroke to capture and provide customers with a complete log of all actions performed by MariaDB support and engineering teams.
MariaDB Enterprise Server is preconfigured for production environments, including default security parameters to remove remote root access and all anonymous access.
MariaDB SkySQL is hosted on the Google Cloud Platform (GCP), which operates data centers in accordance with security best practices, including ISO 27001, SOC 2 (SSAE 18 / ISAE 3402 Type II) and PCI DSS. SkySQL deploys customer databases to each customer’s private Kubernetes cluster – which is contained within its own virtual private cloud (VPC). SkySQL database access is restricted to whitelisted IP addresses with encrypted connections via firewall rules.
MariaDB Enterprise Server includes replication and clustering for high availability (HA), as well as the MariaDB MaxScale database proxy to enable automatic failover.
MariaDB employs a secure by design philosophy; building security into our products before any code is written. Strict security and quality gates are utilized in every step of our development life cycle – from design to coding, testing and deployment.
MariaDB Enterprise Server undergoes an extensive and comprehensive quality assurance process to ensure reliability for production deployments. In addition, critical features and bug fixes in future releases are backported to ensure long-term stability and support.
MariaDB utilizes state-of-the-art encryption technology to protect customer data both at rest and in transit. Encryption for data at rest is automated using GCP’s disk encryption, which uses the Advanced Encryption Standard (AES) algorithm with 256-bit key length and all network traffic is encrypted using transport layer security (TLS).
MariaDB Enterprise Server’s storage engine encrypts data before writes and decrypts data during reads, ensuring that the data is unencrypted only when accessed directly through the server.
For details on reporting a security concern, see our vulnerability reporting procedures.
MariaDB is committed to safeguarding the privacy and security of our customers. This includes a robust compliance program that carefully considers data protection matters, including GDPR and HIPAA requirements. MariaDB operates in accordance with the following compliance requirements:
MariaDB enables customers that are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use MariaDB SkySQL’s database-as-a-service (DBaaS) to process, maintain and store protected health information (PHI).
HIPAA provides federal data privacy and security safeguards for PHI. It applies to organizations that are HIPAA “covered entities,” including healthcare providers, health plans and healthcare clearinghouses.
The HIPAA requirements also extend to “business associates,” or businesses that work with the covered entities to create, receive, maintain or transmit PHI. Business associates are required to enter into a Business Associate Addendum (BAA) with covered entities to ensure that PHI is adequately protected. Under the HIPAA regulations, MariaDB and other database service providers are considered business associates.
To begin the process of entering into a BAA with MariaDB for MariaDB SkySQL, please speak to your sales representative or contact us at legal@mariadb.com.
Please note that each customer is responsible for independently evaluating its own use of MariaDB’s services as appropriate to support its legal and compliance obligations. There is no certification recognized by the U.S. Department of Health and Human Services for HIPAA compliance, and complying with HIPAA is a shared responsibility between the customer and MariaDB.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. We are committed to our customers’ success, including supporting their GDPR compliance efforts. Additional information can be found in our Privacy Policy and GDPR FAQ.
Data Processing Addendum
We make it easy to sign and submit the MariaDB Data Processing Addendum (DPA). MariaDB offers a DPA as a means of meeting GDPR adequacy and security requirements. The DPA is pre-signed by MariaDB; you can submit it by sending a signed copy to legal@mariadb.com.
Infrastructure Subprocessors
MariaDB owns and controls logical access to the infrastructure maintained by the entities set forth below, while these entities maintain the physical security of the servers, network and data center. You can opt in to receive an email notification upon changes to our subprocessors via the form below.
