What technical controls to limit data exfiltration from servers?

Again, we’re working on this security review for a potential customer, and we have more questions. What technical controls do you use to limit data exfiltration from servers?

Hello again! We utilize network firewall policies to limit data exfiltration.

We also have a feature to prevent external connections to any Render managed databases. You can read more about this here.

Our contact completing the security review says that we need a little more information on this. Is there something specific that we can use on Render that would prevent someone with access to the production database from downloading data from it?

Also, if it is not possible to limit downloads, is it possible to log who has accessed the data to download?

Note: This is time-sensitive, so we really appreciate your clarification!

Hi @dhanus, we don’t currently offer fine-grained access controls or database access logging. But I’d like to understand your use case better so I can give a more detailed answer. What kind of access would you like to give these people without giving them the ability to download data?

Thanks @david & @danielle!

A few follow-up questions:

  • How do the firewall policies limit data exfiltration?
  • Is there anything that would prevent a company insider from downloading information (i.e. logging or limiting the size of the download)?
  • Is there a way to limit downloads specifically to a Sparrow device?
  • Do you have any other suggestions for what controls Render could help us put in place to ensure a company insider cannot download our data for not work purposes?

Thanks for clarifying!