What technical controls to limit data exfiltration from servers?

Again, we’re working on this security review for a potential customer, and we have more questions. What technical controls do you use to limit data exfiltration from servers?


Hello again! We utilize network firewall policies to limit data exfiltration.

We also have a feature to prevent external connections to any Render managed databases. You can read more about this here.

Our contact completing the security review says that we need a little more information on this. Is there something specific that we can use on Render that would prevent someone with access to the production database from downloading data from it?

Also, if it is not possible to limit downloads, is it possible to log who has accessed the data to download?

Note: This is time-sensitive, so we really appreciate your clarification!

Hi @dhanus, we don’t currently offer fine-grained access controls or database access logging. But I’d like to understand your use case better so I can give a more detailed answer. What kind of access would you like to give these people without giving them the ability to download data?

Thanks @david & @danielle!

A few follow-up questions:

  • How do the firewall policies limit data exfiltration?
  • Is there anything that would prevent a company insider from downloading information (i.e. logging or limiting the size of the download)?
  • Is there a way to limit downloads specifically to a Sparrow device?
  • Do you have any other suggestions for what controls Render could help us put in place to ensure a company insider cannot download our data for non-work purposes?

Thanks for clarifying!

This is a time-sensitive question.

We have a client that would like to know what controls we have available to keep someone like an engineer from just downloading the whole database.

Can you please explain what Render has available that might assist us with this scenario or if you would have any other suggestions to assist us with this?

Previous answers state Render has firewall policies for data exfiltration and has no fine-grained access controls or database logging.

Normally, an engineer would only need a very limited amount of data when working with the database. Is it possible to limit the size of a download and/or limit the download to a company-issued computer so we can limit what can be done with the data at the end user?

Thanks for your responses.

Hi @dhanus,

  • How do the firewall policies limit data exfiltration?

I believe @danielle is referring to our IP-based access control: PostgreSQL | Render Docs

More sophisticated restrictions can be built on top of this if necessary, such as by only allowing access to the database via something like a jumpbox or bastion host with a fixed IP address, and requiring users to connect to that box. SSH or VPNs are approaches you can use to then manage access to that jumpbox or bastion.

  • Is there anything that would prevent a company insider from downloading information (i.e. logging or limiting the size of the download)?

We don’t have policies in place for this. The best way to limit access is through the IP-based access control, or not giving a user access to the Render team that is hosting your database.

  • Is there a way to limit downloads specifically to a Sparrow device?

This would be possible if Sparrow devices are part of a network with a known IP space, since you can use the IP-based access control. Otherwise, the jumpbox/bastion idea I mention above would be a way to have the sort of control you’re looking for.

  • Do you have any other suggestions for what controls Render could help us put in place to ensure a company insider cannot download our data for non-work purposes?

If the suggestions I’ve mentioned above don’t work, I definitely understand. If that’s the case, I’d recommend using an external database host like Google Cloud SQL or Amazon RDS that may give you the control you’re looking for, and connecting to that database from your Render service.
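As an added illustration of the bastion pattern described in the answer above (this is example configuration, not Render's own documentation or tooling), the two fragments below show one way to build it with OpenSSH: the bastion only accepts key-based logins from a dedicated group, grants those users no shell, and permits a single TCP forward to the database endpoint; each engineer's client config then tunnels a local port through the bastion. The Render-side step is the one the answer already names: put only the bastion's fixed public IP in the database's IP-based access control. The hostnames, IP addresses, group name and file paths (`db.example.internal`, `198.51.100.10`, `dbusers`, `id_ed25519_bastion`) are placeholders for this example.

```sshconfig
# ---- On the bastion host: appended to the END of /etc/ssh/sshd_config ----
# (Match blocks run to end of file, so keep them after all global settings.)
# Global hardening: keys only, no passwords, and log the key fingerprint used
# for every login so each tunnel can be attributed to a person.
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
LogLevel VERBOSE
AllowGroups dbusers

# Engineers who need database access belong to the 'dbusers' group (placeholder).
# They get a port forward to exactly one destination and nothing else.
Match Group dbusers
    AllowTcpForwarding local
    # Must match the LocalForward destination the client requests, string-for-string.
    PermitOpen db.example.internal:5432
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # If a client does request a shell, it gets nologin instead.
    ForceCommand /usr/sbin/nologin

# ---- On each engineer's workstation: ~/.ssh/config ----
Host db-bastion
    HostName 198.51.100.10          # bastion's fixed public IP (placeholder)
    User alice                      # per-person account, never a shared login
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes
    # Local port 5433 is tunnelled to the database through the bastion.
    LocalForward 5433 db.example.internal:5432
    RequestTTY no
    # OpenSSH 8.7+: open no session at all, forwarding only (same as `ssh -N`).
    SessionType none
```

With the tunnel up (`ssh -f db-bastion`), the engineer connects with `psql "host=127.0.0.1 port=5433 sslmode=require dbname=<db>"`. Because the only address the database accepts is the bastion's, revoking a person's access is a matter of removing their key or group membership on one host, and the bastion's auth log (with `LogLevel VERBOSE`) records which key opened each session and when, which gives the access record the thread asks about at the network layer even though the database itself does not log it.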

Hi @Cathy_H,

The response I just wrote above to @dhanus has some of the recommendations that should help you. In general, our IP-based access control (Databases | Render · Cloud Hosting for Developers) is the best way to limit access for Render databases, and you can build more sophisticated access on top of that with something like a jumpbox or bastion host, but there is certainly complexity in building that that you might not want to take on.