Responsible Security Disclosure
To report a security concern or incident, please contact email@example.com.
Continual is trusted with the most sensitive customer information of leading organizations. Security, compliance, and privacy has been of utmost priority from day one. This page gives an overview of the measures we take to protect your data.
Secure by design¶
Continual is built to be secure by design. Continual operates as a cloud software-as-a-service (SaaS) platform where all customer data remains stored on your company’s cloud data warehouse. This hybrid architecture means Continual only temporarily accesses data during model training and prediction operations using credentials controlled fully by the customer. Data is only temporarily accessed for training and inference. Continual fully respects the underlying data warehouses security policies. Machine learning features and predictions generated by Continual are stored in your cloud data warehouse not in the Continual platform.
Powered by Google Cloud Platform¶
Continual runs entirely on top of the Google Cloud Platform (GCP). Continual uses industry best practices to ensure a high level of physical, virtual, and network-level security that significantly reduces our security surface area. Continual also enables customer facing networking security options such as allowed IP addressing.
Data encrypted in transit and at-rest¶
Continual’s metadata database (Google Cloud SQL) is encrypted by Google Cloud Platform using AES-256 encryption or higher. Additionally, all ingress and egress is encrypted via TLS 1.2+.
Fine-grained access control and audit logs¶
Continual has fine-grained role-based access control and creates audit logs for every action taken. For access to customer data warehouses, Continual supports user and role-based authentication to ensure minimum levels of permission necessary. By avoiding data replication with a hybrid data architecture, Continual works seamlessly with the underlying data warehouse security policies, audit capabilities, and usage limits.
Access to the customer’s cloud data warehouse is fully controlled by the customer. By default, we recommend limiting the Continual to only have write access into a dedicated database and read access into relevant source tables. Customers can additionally choose to implement separate databases per project to further isolate work and ensure no sharing of data across projects.
Industry best practices for secure development¶
Continual’s team follows industry best practices and has decades of experience leading data sensitive development at large enterprises. Development is done using industry-wide best practices including automated and manual testing, code reviews, continuous deployments, production logging and alerts, and regular performance benchmarking. There is full logical separation of development and production environments, with named, dedicated accounts for each and highly limited and audited access to production. We are happy to discuss any security topics with customers as needed.
For cloud data warehousing that support restricting access via IP address, Continual is able to provide customers with a static IP for accessing the data warehouse.
SOC 2 Type 2¶
Continual is SOC 2 Type 2 certified and compliant.
Single tenant deployment options¶
For customer with specific cloud, region, or deployment requirements, Continual offers multiple deployment options, including single-tenant and private VPC deployments.
For additional information, please contact firstname.lastname@example.org.