Business Intelligence Security & Data Governance


Cloud Infrastructure
Public cloud facilities
The Looker application is managed in public cloud datacenters. These facilities implement various physical and environmental controls to ensure that Looker customer data is well protected from possible theft or loss.

Logical separation of data
While Looker does not persist customer database information, the application does store configuration information, event data, and cached query results. Looker is architected to logically separate this information in order to isolate customer data and reduce cross-tenant exposure risk.

Data Security Architecture
Looker follows best practices for security architecture. Proxy servers secure access to the Looker application by providing a single point to filter attacks through IP blacklisting and connection rate limiting.

Redundancy
Looker employs a Cloud-based distributed backup framework for Looker-hosted customer servers.

Availability and durability
The Looker application can be hosted in a variety of different public cloud data centers across the globe.

Monitoring & Authentication
Access to a customer’s back-end servers
Access to a Looker-hosted back-end environment requires approval and multiple layers of authentication.

Access to a customer’s Looker application
Employee access to customer Looker instances is provided in order to support a customer’s needs. Access requires approval and multiple layers of authentication. Additionally, customers can control all access from Looker to their application via a Support toggle.

Monitored user access
Access to your Looker environment is uniquely identified, logged, and monitored.

Network and application vulnerability scanning
Looker’s front-end application and back-end infrastructure are scanned for known security vulnerabilities at least monthly.

Centralized logging
Logs across the Looker production and corporate environments are collected and stored centrally for monitoring and alerting on possible security events.

Reputation monitoring/threat intelligence
Collected logs and network activity are checked against commercial threat intelligence feeds for potential risks.

Anomaly detection
Anomalous activity, like unexpected authentication activity, triggers alarms.

Data Security Encryption
AES encryption
Locally-stored sensitive application data, including database connection configurations and cached query data, is encrypted and secured using AES encryption.

Secure credential storage & encryption
Native usernames and passwords are secured using a dedicated password-based key derivation function (bcrypt) with hashing and salting.

TLS encryption
Data in transit is encrypted and secured from the user’s browser to the application via TLS 1.2.

SSL / SSH encryption
Looker enables you to configure your database connection via encrypted TLS 1.2 or SSH.
