Confidentiality and Data Protection

Dear @Mostapha,

Do you see any issues with people running simulations for confidential projects through Pollination?

So far, I can see that I can create private projects to keep people outside of my organisation from seeing them. I can also create teams and only allow project access to certain teams, which means I can control who has access within my organisation.

However, I can see project managers and IT having other concerns depending on the level of sensitivity of a project, and asking questions about where the data is stored and how secure it is etc.

It would be great to get some clarification on this!

Hi @Max, this has come up in a number of calls and it’s a very valid concern. Currently all the data are stored on our cloud provider’s server in the US. That being said we have designed Pollination to be able to change this based on an account (e.g. Aurecon) in the future. It’s not a feature that we currently support but it something that we can support if it is critical to our customers.

Is it that some of your projects should keep the data inside a certain geographical location or is it the case that you want to keep everything on your servers in the office - if you have such severs.

I’m copying @antoine here in case you have any specific technical questions.

1 Like

@Mostapha I’m not entirely sure what the rules are for us - I haven’t really had to deal with this topic so far but have sent around some messages internally to find out what our requirements are and will get back to you

1 Like

Hi @Max ! I just wanted to chime in to respond to this:

We use Google Cloud Storage as our bulk storage provider. GCS is reviewed by multiple public and private security audits such as ISE and NIST 800-171. You can see Google Cloud Platform’s full compliance certification suite for the US region here.

Artifacts downloaded from GCS through Pollination are provided through “signed URLs” which are single-use links with limited access to a single resource. The default time limit that we use is 900 seconds and the maximum time that a download link from GCS can remain valid is 7 days. Only users with read access to a project are able to see artifacts and get download links for them.

As @Mostapha mentioned, we plan to add support for on-premises storage in the future for people who prefer to have the physical media under their supervision. But in any case, we take data security seriously and welcome any feedback you and your team might have!