cloud: update security FAQs #12498
Closed
cloud: update security FAQs #12498
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
ti-chi-bot
added
missing-translation-status
lulukelu
added
area/security
qiancai
added
translation/no-need
ti-chi-bot
added
the
size/L
|
@lulukelu Please add me to the review list. |
qiancai
reviewed
Feb 15, 2023
Co-authored-by: Grace Cai <qqzczy@126.com>
hfxsd
reviewed
Feb 16, 2023
hfxsd
reviewed
Feb 16, 2023
hfxsd
reviewed
Feb 16, 2023
hfxsd
reviewed
Feb 16, 2023
hfxsd
reviewed
Feb 16, 2023
Co-authored-by: xixirangrang <hfxsd@hotmail.com>
tennix
reviewed
Feb 16, 2023
|
|
||
| - Business data (including consumer data and table data) | ||
| - Database files (including database backups and snapshots) | ||
| - Logs (including SQL logs and ) |
qiancai
reviewed
Feb 21, 2023
|
|
||
| - Encryption: TiDB Cloud supports encryption at rest and in transit. Data is encrypted when it is stored on disk, and is also encrypted when it is transmitted over the network. | ||
|
|
||
| - Access controls: TiDB Cloud allows customers to control who has access to their data by setting up access controls list. Customers can set up roles and assign privileges to specific users. |
There was a problem hiding this comment.
Suggested change
| - Access controls: TiDB Cloud allows customers to control who has access to their data by setting up access controls list. Customers can set up roles and assign privileges to specific users. | |
| - Access controls: TiDB Cloud allows customers to control who has access to their data by setting up an IP access list. In addition, TiDB Cloud allows customers to set up roles and assign privileges to specific users only. |
|
|
||
| - Access controls: TiDB Cloud allows customers to control who has access to their data by setting up access controls list. Customers can set up roles and assign privileges to specific users. | ||
|
|
||
| - Network security: TiDB Cloud is designed to run in a virtual private cloud (VPC) to isolate customer traffic from other traffic on the internet. TiDB Cloud also supports secure network communication using SSL/TLS. |
There was a problem hiding this comment.
Suggested change
| - Network security: TiDB Cloud is designed to run in a virtual private cloud (VPC) to isolate customer traffic from other traffic on the internet. TiDB Cloud also supports secure network communication using SSL/TLS. | |
| - Network security: TiDB Cloud operates in a virtual private cloud (VPC) that isolates customer traffic from other traffic on the internet, and TiDB Cloud supports secure network communication using SSL/TLS. |
|
|
||
| - Network security: TiDB Cloud is designed to run in a virtual private cloud (VPC) to isolate customer traffic from other traffic on the internet. TiDB Cloud also supports secure network communication using SSL/TLS. | ||
|
|
||
| - Backup and disaster recovery: TiDB Cloud provides a variety of backup and disaster recovery options to ensure that customer data is protected in case of an outage or disaster. Customers can set up automatic backups, incremental backups, and point-in-time recovery, as well as replicate their data to different regions for disaster recovery. |
There was a problem hiding this comment.
Suggested change
| - Backup and disaster recovery: TiDB Cloud provides a variety of backup and disaster recovery options to ensure that customer data is protected in case of an outage or disaster. Customers can set up automatic backups, incremental backups, and point-in-time recovery, as well as replicate their data to different regions for disaster recovery. | |
| - Backup and disaster recovery: TiDB Cloud provides a variety of backup and disaster recovery options to ensure that customer data is protected in case of an outage or disaster. Customers can set up automatic backups, incremental backups, and point-in-time recovery (PITR), and replicate their data to different regions for disaster recovery. |
|
|
||
| - Backup and disaster recovery: TiDB Cloud provides a variety of backup and disaster recovery options to ensure that customer data is protected in case of an outage or disaster. Customers can set up automatic backups, incremental backups, and point-in-time recovery, as well as replicate their data to different regions for disaster recovery. | ||
|
|
||
| - Compliance: TiDB Cloud is designed to comply with various data privacy and security regulations, such as ISO27701,SOC2,GDPR and HIPAA. Customers can also set up their own compliance requirements and audit logs to monitor access to their data. |
There was a problem hiding this comment.
Suggested change
| - Compliance: TiDB Cloud is designed to comply with various data privacy and security regulations, such as ISO27701,SOC2,GDPR and HIPAA. Customers can also set up their own compliance requirements and audit logs to monitor access to their data. | |
| - Compliance: TiDB Cloud complies with various data privacy and security regulations, such as ISO27701, SOC2 Type II, General Data Protection Regulation (GDPR), and Health Insurance Portability and Accountability Act of 1996 (HIPAA). Customers can also set up their own compliance requirements and audit logs to monitor access to their data. |
qiancai
reviewed
Feb 21, 2023
Co-authored-by: Grace Cai <qqzczy@126.com>
Co-authored-by: Grace Cai <qqzczy@126.com>
|
/verify |
qiancai
reviewed
Feb 21, 2023
azurezyq
reviewed
Feb 25, 2023
|
|
||
| As a customer, you have complete control over your data: | ||
|
|
||
| - You can choose how to protect your data using TiDB Cloud, which offers encryption at rest and in transit to safeguard your data. Additionally, you have the option to manage your encryption key. If you prefer to bring your key, contact [TiDB Cloud Support](/tidb-cloud/tidb-cloud-support.md). |
There was a problem hiding this comment.
I think we should not say this before the launch of CMEK offcially.
|
|
||
| - TiDB Cloud runs in a virtual private cloud (VPC) that isolates customer traffic from other traffic on the internet, and TiDB Cloud supports secure network communication using SSL/TLS. | ||
|
|
||
| - TiDB Cloud provides various backup and disaster recovery options to ensure that customer data is protected in case of an outage or disaster. Customers can set up automatic backups, incremental backups, and point-in-time recovery (PITR), and replicate their data to different regions for disaster recovery. |
There was a problem hiding this comment.
I would suggest removing all data safety (not security) related stuff from this section. Mixing disaster recovery mechanisms with security practices is not good.
|
|
||
| - You can manage access to your data, as well as the TiDB Cloud databases and tools, through users, roles, and credentials that you control. | ||
|
|
||
| ## Is customer data securely stored in TiDB Cloud? |
There was a problem hiding this comment.
I think this section has some overlap with "How is customer data encrypted in TiDB Cloud?" later in the doc. Better to merge?
qiancai
reviewed
Feb 26, 2023
Co-authored-by: Grace Cai <qqzczy@126.com>
Co-authored-by: Grace Cai <qqzczy@126.com>
azurezyq
approved these changes
Mar 2, 2023
qiancai
reviewed
Mar 17, 2023
|
|
||
| Customer data includes data that customers or their consumers store in TiKV or TiFlash, which is located in the cloud providers' storage (such as S3 buckets or EBS of AWS). | ||
|
|
||
| Customer data does not include TiDB Cloud diagnosis data, metadata: |
There was a problem hiding this comment.
Suggested change
| Customer data does not include TiDB Cloud diagnosis data, metadata: | |
| Customer data does not include TiDB Cloud diagnosis data or metadata: |
|
|
||
| ## Who has control over customer data? | ||
|
|
||
| Customer have complete control over your data: |
There was a problem hiding this comment.
Suggested change
| Customer have complete control over your data: | |
| Customers have complete control over their data: |
Comment on lines
+38
to
+40
| - You can choose how to protect your data using TiDB Cloud, which offers encryption at rest and in transit to safeguard your data. | ||
|
|
||
| - You can manage access to your data, as well as the TiDB Cloud databases and tools, through user management that you control. |
There was a problem hiding this comment.
Suggested change
| - You can choose how to protect your data using TiDB Cloud, which offers encryption at rest and in transit to safeguard your data. | |
| - You can manage access to your data, as well as the TiDB Cloud databases and tools, through user management that you control. | |
| - Customers can choose how to protect their data using TiDB Cloud, which offers encryption at rest and in transit to safeguard the data. | |
| - Customers can manage access to their data, as well as the TiDB Cloud databases and tools, through user management. |
|
|
||
| ## Who owns customer data? | ||
|
|
||
| Customer have the ownership of your customer data, and therefore have the right to decide which data can be processed, stored, and hosted by TiDB Cloud. TiDB Cloud will not access or utilize your customer data without your explicit permission. |
There was a problem hiding this comment.
Suggested change
| Customer have the ownership of your customer data, and therefore have the right to decide which data can be processed, stored, and hosted by TiDB Cloud. TiDB Cloud will not access or utilize your customer data without your explicit permission. | |
| Customers own their data and therefore have the right to decide which data can be processed, stored, and hosted by TiDB Cloud. TiDB Cloud cannot access or utilize customer data without customers' explicit permission. |
qiancai
added
the
do-not-merge/hold
|
hold this PR as the content is still not ready |
ti-chi-bot
bot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
qiancai
added
the
needs-cherry-pick-release-7.1
qiancai
added
the
needs-cherry-pick-release-7.5
qiancai
added
the
needs-cherry-pick-release-8.1
|
Close this PR since the content is still not ready. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First-time contributors' checklist
What is changed, added or deleted? (Required)
Which TiDB version(s) do your changes apply to? (Required)
Tips for choosing the affected version(s):
By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.
For details, see tips for choosing the affected versions.
What is the related PR or file link(s)?
Do your changes match any of the following descriptions?