Information Security
DataRobot, the leader in Value-Driven AI, is developed and built with the enterprise in mind. Our multi-layered security program ensures compliance with industry standards and implements best practices for information security, corporate controls, and software development.
Data Confidentiality and Privacy
We prioritize the highest standards of data confidentiality and privacy to ensure the security and trust of our users. We employ robust encryption measures both in transit and at rest, guaranteeing that your data remains protected from unauthorized access.
If you want to keep your data in-house and use our Self-Managed solution, we can provide controls to help you meet your unique security and privacy requirements.
- Encryption in transit and at rest configurations are available using your own certificate authorities
- Compatible with DNSSEC
Authentication
Experience secure and effortless authentication with the DataRobot AI Platform. Trial users can easily sign up for a 30-day trial using their Google or Github accounts. For enterprises, we support SAML-based SSO, and Self-Managed customers can integrate with LDAP for centralized user management and authentication. Add an extra layer of protection with Multi-Factor Authentication.
Data connections are made secure with OAuth or username & password. Admins now have the power to configure and govern access to OAuth connections without compromising sensitive information.
API Security
DataRobot AI Platform utilizes two APIs for communication. All API communications are secured using TLS 1.2 to protect authentication materials. For DataRobot API, authentication is achieved through a bearer token in the HTTP authorization header. For Prediction Server API, authentication is done via HTTP basic authentication with a username and an assigned API token as the password.
Access Control
To empower you with granular control over your data, models, and resources, the DataRobot AI Platform uses role-based access control (RBAC) with default and custom roles, as well as fine-tuned sharing permissions. RBAC allows you to define and assign roles with specific privileges, ensuring users have access to only the functionality they need. Sharing permissions allow you to selectively grant access to resources, promoting collaboration while maintaining data security. This combination provides a flexible and robust access control framework, assuring a safe and seamless experience.
Cloud, Network, and Endpoint Security
We have systems in place to ensure your data is safe from malware, vulnerabilities, and other cybersecurity threats like network-based attacks and unauthorized access. We regularly perform penetration testing using a trusted third party to ensure that we are proactively identifying and addressing any potential vulnerabilities in our system.
Governance, Risk Management & Compliance
DataRobot has implemented a comprehensive GRC program, aligned with industry best practices, that includes annual external audits, security assessments of our production applications, on-prem and cloud assets, and security awareness training for employees. We have comprehensive policies and procedures in place designed to manage the integrity of our environment, including integrations with technology partners, to ensure that security is embedded at a technical, physical, and operational level.
Single-Tenant SaaS
Our most isolated cloud offering is designed for customers with elevated data privacy or data sovereignty requirements. Single-Tenant SaaS provides the latest DataRobot capabilities in a dedicated VPC that only you have access to. Focus on discovering value with predictive & generative AI; leave the deployment, monitoring, and maintenance to us.
Single-Tenant SaaS is currently available on AWS and Azure, with support for Google coming soon. It is available in dozens of cloud provider locations, allowing you to select your preferred region to meet specific data sovereignty requirements.
Certifications
DataRobot AI Platform has achieved the following certifications:
- ISO 27001: We are certified under ISO 27001, a globally recognized standard for an organization’s Information Security Management System.
- SOC2 Type II: We annually undergo an independent assessment of our cloud control environment.
- HIPAA: DataRobot’s HIPAA-compliant Single-Tenant SaaS offering is now available on both Azure and AWS. Healthcare organizations can confidently manage sensitive healthcare data, ensuring seamless and secure AI-driven insights for improved patient outcomes and operational efficiency.
Would you like to learn more about our security and privacy practices at DataRobot?
Access to our Trust Package, which contains our security and compliance documentation.