By far the greatest risk is social engineering and mistakes made by your colleagues, such as sending passwords via email, or former employees being able to use their old passwords to access your data. Several techniques mitigate this. For example, two-step verification requires all of your employees to manually unlock the data using a text message sent to their phone. You can also require your colleagues to change their passwords as frequently as you’d like.
Our permission system lets you restrict access to specific tables, views or columns, thus letting you expose as little as needed to every colleague. We also allow you to automatically expire users after a predefined amount of time, unless you manually renew their accounts, in order to prevent former employees from retaining access to your data.
Anomaly detection is used to identify strange connections to your data, for example, someone running a query from a new computer, or a different country than usual. You may choose to completely block these queries unless you’ve manually approved them.
Finally, you’re given full access to all queries performed by each user, as well as statistics per table, allowing you to audit your company’s data access patterns, and identify any suspicious activity.
It’s worth noting that even Panoply.io doesn’t have direct access to your raw data or your encryption keys, unless you explicitly invite them to your account via our UI.
We invite you to learn more from our security white paper.