The Looker application is managed in public cloud datacenters. These facilities implement various physical and environmental controls to ensure that Looker customer data is well protected from possible theft or loss.
Logical separation of data
While Looker does not persist customer database information, the application does store configuration information, event data, and cached query results. Looker is architected to logically separate this information in order to isolate customer data and reduce cross-tenant exposure risk.
Data Security Architecture
Looker follows best practices for security architecture. Proxy servers secure access to the Looker application by providing a single point to filter attacks through IP blacklisting and connection rate limiting.
Looker employs a Cloud-based distributed backup framework for Looker-hosted customer servers.
Availability and durability
The Looker application can be hosted in a variety of different public cloud data centers across the globe.
Monitoring & Authentication
Access to a customer’s back-end servers
Access to a Looker-hosted back-end environment requires approval and multiple layers of authentication.
Access to a customer’s Looker application
Employee access to customer Looker instances is provided in order to support a customer’s needs. Access requires approval and multiple layers of authentication. Additionally, customers can control all access from Looker to their application via a Support toggle.
Monitored user access
Access to your Looker environment is uniquely identified, logged, and monitored.
Network and application vulnerability scanning
Looker’s front-end application and back-end infrastructure are scanned for known security vulnerabilities at least monthly.
Logs across the Looker production and corporate environments are collected and stored centrally for monitoring and alerting on possible security events.
Reputation monitoring/threat intelligence
Collected logs and network activity are checked against commercial threat intelligence feeds for potential risks.
Anomalous activity, like unexpected authentication activity, triggers alarms.
Data Security Encryption
Locally-stored sensitive application data, including database connection configurations and cached query data, is encrypted and secured using AES encryption.
Secure credential storage & encryption
Native usernames and passwords are secured using a dedicated password-based key derivation function (bcrypt) with hashing and salting.
Data in transit is encrypted and secured from the user’s browser to the application via TLS 1.2.
SSL / SSH encryption
Looker enables you to configure your database connection via encrypted TLS 1.2 or SSH.