Database Security
Thalassa Cloud’s Database as a Service (DBaaS) provides security features to protect your data and ensure compliance with industry standards. Our security architecture is designed using defense in depth principles, protecting your databases at multiple layers.
- Data Protection: Encryption at rest and in transit. Replication and connections all utilize TLS.
- Access Control: Role-based access control and authentication
- Network Security: Network isolation, traffic control, and support for security groups
- Compliance: Meeting industry security standards
Encryption
Encryption at Rest
All data stored in our database clusters is automatically encrypted at rest using industry-standard algorithms. The encryption process is transparent to your applications—no special configuration is needed. In the future, you will be able to provision clusters with a specific Encryption Key for Storage using our KMS.
Encryption in Transit
All connections to your database clusters are encrypted using SSL/TLS with support for TLS 1.2 and above, ensuring secure data transmission. Clients can also verify the server’s identity for added security.
Network Security
Security Groups
DBaaS supports security groups so you can control which IP addresses and networks can reach your database instances. Define allow rules per instance or per project to restrict access to trusted applications and environments only, reducing exposure to the internet and aligning with least-privilege access.