Security at Spice AI
%20(1).png)
.png)
Built on Principles
Our principles form the solid foundation of Spice AI’s security, guiding every decision and action we make.
.png)
Compliance
Certified compliance with industry standards including SOC 2.
.png)
Secure-Access-Control
All Spice AI systems are protected by Secure-Access-Controls including Authentication (AuthN), Authorization (AuthZ), and RBAC (Role-Based-Access-Control).
.png)
Data Protection
All secret and sensitive information is encrypted in-transit and at-rest.
.png)
Multi-Factor-Authentication (MFA)
All authentication systems require and enforce Multi-Factor-Authentication (MFA).
.png)
Least Privilege
Least-Privilege-Access is employed so that users, employees, and contractors do not have greater access than necessary.
.png)
Defense-in-Depth
Multiple security controls in depth.
.png)
Auditable
Access and usage are logged and auditable.
.png)
Secure Code
Code is scanned and tested for secrets and vulnerabilities.
Just-In-Time Access
Access is given only when it's required.
Security & Data Protection
Data Protection
Corporate and production secrets are encrypted at-rest and in-transit. Corporate secrets are stored and managed in an enterprise-grade password manager with SSO access. Service secrets are stored and managed in platform-specific secure key vaults and key stores. A minimum of TLS 1.2+ is employed for encrypted transmission.
Compliance
Spice AI, Inc. has achieved SOC 2 Type II compliance, in accordance to the AICPA's SOC for Service Organizations standards, also recognized as SSAE 18. The certification was conducted by Prescient Assurance. The Audit Report is accessible to customers enrolled in the Spice.ai Enterprise plan, available upon request.
Secure Code & Patch Management
Code is scanned and tested for secrets and vulnerabilities during Continuous Integration (CI) systems, using GitHub Security features like Dependabot, CodeQL, and Secrets Scanner. Base-level operating systems and container images are monitored, upgraded, and updated on regular cycles.
Auditable
Access is logged and auditable.
Secure Access Control
Spice AI corporate, development, and production systems are protected by Single-Sign-On (SSO) Secure-Access-Controls. This includes secure Authentication (AuthN) and role/group-based Authorization (AuthZ).
Defense-in-Depth
Spice AI employs multiple levels of security, including Firewalls and Bastions for access into private networks, user, service, and machine authentication and authorization.
Deployment Environments and Controls
Deployment environments, such as Development, Production, etc. are utilized and segregated. Controls including approvals for deploying to Production environments are used, enforced, and logged.
Multi-Factor Authentication (MFA)
All access requires and enforces Multi-Factor-Authentication (MFA) where possible.
Least Privilege
Least-Privilege-Access is employed so that users and employees do not have greater access than necessary.
Just-In-Time Access
No-standing-access is enforced, with users only given access when required (JIT) and for a limited period of time.
