Security

MariaDB SkySQL incorporates features focused on enterprise governance, risk, compliance (GRC) and information security (infosec) requirements.

Portal Accounts

The SkySQL Portal is used to manage SkySQL services.

Feature

Benefit

Portal Accounts

MariaDB ID enables access to SkySQL via social login or email-tied accounts.

Teams

SkySQL Teams allow multiple MariaDB ID users to manage a pool of database services under a single billing profile.

Enterprise Authentication

SkySQL Portal can be configured to accept your SAML 2.0 IDP (identity provider).

Database Accounts

Feature

Benefit

Database user accounts

Authentication to SkySQL services.

LDAP

Optional authentication SkySQL services using LDAP (Lightweight Directory Access Protocol).

2FA

Optional two-factor authentication (2FA) for SkySQL services.

IP Whitelisting

Feature

Benefit

IP whitelist for monitoring

Control ability for an IP to access SkySQL Monitoring and Workload Analysis.

IP whitelist for services

Control ability for an IP to connect to a SkySQL service.

Security Controls

  • Access control through IP whitelisting, database user accounts and privileges, and portal user accounts

  • Data-at-rest encryption

  • Data-in-transit encryption

  • Enterprise Audit

  • Kubernetes isolation

  • Server hardening

    • Shell access to database servers is not offered

    • Users cannot write to the server file system

    • Some standard MariaDB plugins can be installed using Configuration Manager

    • It is not possible to install additional plugins to the file system's plugin directory

  • AWS PrivateLink, which can reduce the exposure of cross-region traffic from AWS to the public internet

  • VPC peering, which can reduce the exposure of cross-region traffic from GCP to the public internet

For additional information on MariaDB security practices, see the MariaDB Trust Center.