Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.

Databricks SQL warehouse has Serverless compute as a public preview.

Ruby8376
Valued Contributor

There is a risk from infosec as it is processed in the control plane shared with other Azure clients. Is there any control to mitigate the risk?

1 REPLY

PL_db
New Contributor III

You can find more information on that topic here.

"With Databricks, your serverless workloads are protected by multiple layers of security. These security layers form the foundation of Databricks’ commitment to providing a secure and reliable environment for even the most sensitive workloads.

They include but are not limited to:

  1. Dedicated compute resources
    1. Each workload runs on compute and encrypted storage that is dedicated to that workload
    2. Storage cannot be reallocated or reassigned after use 
    3. Both the compute and the storage are securely wiped as soon as the workload completes
  2. Network segmentation
    1. Each workload operates within a private network with no public IP addresses assigned
    2. That network is isolated logically from other workloads
    3. Lateral movement or communication between workloads is blocked
    4. All traffic between the user, the control plane, the compute plane and cloud services is routed over the cloud provider’s global network, not the public internet
  3. Encryption at rest and in transit
    1. All attached storage is protected by industry-standard AES-256 encryption
    2. All traffic between the user, the control plane, the compute plane and cloud services is encrypted with at least TLS 1.2
  4. Principle of least privilege
    1. Workloads have no privileges or credentials for systems outside the scope of that workload
    2. Access to the data is via short-lived (1-hour) tokens
    3. These tokens are passed securely to each specific workload"