All Collections
Reporting and Data Export
Security considerations for Terminal49 DataSync
Security considerations for Terminal49 DataSync
Namita Dodeja avatar
Written by Namita Dodeja
Updated over a week ago

Terminal49 DataSync gives you direct access to your data, directly in your target data warehouse, database, or other data system. The data pipeline is fully managed to ensure the best data quality, reliability, and scalability.

As should be expected with this type of product, data security is our first priority. Below are some frequently asked questions about the security of our data sharing product.

  • How does Terminal49 make sure DataSync is secure?

    • The service is operated with industry-leading practices, including data encryption at rest and in transit. Data in transit is never logged or cached.

  • How can we make sure no one other than Terminal49 can have access to our database?

    • Secure Credentials: If sharing credentials for a given destination, the sharing service stores credentials in an industry standard cloud secrets vault.

    • IP Whitelisting: The sharing service is deployed behind a static IP. This IP can be whitelisted at the database level to ensure only traffic from the data sharing service can access the database with the provided credentials.

    • SSH Tunneling: The sharing service has the ability to connect to supported destinations via SSH tunnel through a bastion host. SSH tunneling can be used to avoid exposing the destination database to the public internet.

  • Do we need to share Database Credentials with Terminal49?

    • Depending on the destination database, credentials may need to be provided to replicate data. In cases where credentials are required, a single-purpose user should be created with the minimum access required. All credentials provided to the service are stored in industry standard secrets vault.

    • For supported destinations, role-based authentication can also be used, avoiding the need to share credentials entirely.

  • How do we make sure Terminal49 can't destroy or write to tables outside of the tables they have access to?

    • During configuration, our documentation setup steps will request only the bare minimum permissions to share data. This will effectively prevent the user from modifying any tables besides the specific tables the user is intended to modify.

    • The only data the service has access to – whether read, write, or update – is the data the service wrote. This is secure by design – there is no way for any of your data to be leaked.

  • Is this connection pattern common among data sharing services?

    • The sharing service is using best practice connection modalities shared among most ETL technologies (such as Fivetran).

  • What kind of certifications does Terminal49 DataSync have?

    • Our data sharing service is SOC 2 Type II compliant and certified, and is committed to an annual audit and professional pentest. Further, the sharing service is run on cloud providers who comply with industry-leading practices, including SOC 2 and ISO 27001.

For more information about DataSync, please see this article.

Did this answer your question?