Starburst takes many steps to ensure your data is safe with us.
The information security team at Starburst is responsible for implementing and maintaining organization-wide information security policies, remediating security incidents, and managing risk at an appropriate level for the Starburst organization. The team reports directly to the Vice President of Engineering.
Starburst is committed to protecting the privacy of individuals who visit Starburst sites and individuals and companies that register to use or purchase our software or services.
Under certain circumstances, you have rights under international regulations and data protection laws in relation to your personal data. Contact us to exercise any of your rights.
Details are available in our privacy policy.
Starburst uses third-party subprocessors to assist in providing services. For details, see Starburst subprocessors.
The following terms of service and end user license agreement (EULA) documents are available:
Starburst is dedicated to meeting the security and privacy standards that keep client data safe and secure.
Starburst has obtained SOC 2 Type 2 compliance. Contact us for a copy of the external attestation.
Starburst is ISO/IEC 27001 certified. Contact us for a copy of the external attestation.
Starburst conducts annual risk assessments and manages a risk register, which is reviewed regularly. A risk management program is in place to identify and prioritize risks, and ensure appropriate application of resources to minimize any negative impact.
Starburst applies a systematic approach to managing change so that changes to services impacting Starburst and our customers are reviewed, tested, approved, and well communicated. Change management processes are in place to ensure changes are tailored to the specifics of each environment. The goal of Starburst’s change management processes is to prevent unintended service and business disruptions and to maintain the integrity of services provided to customers. All changes deployed to production undergo a review, testing, and approval process.
Starburst requires the identification of and response to suspected or known security incidents; mitigation, to the extent practical, of harmful effects from security incidents that are known or suspected; and documentation of these incidents and their outcomes.
An incident response program is in place, and roles and responsibilities are defined for all functions to ensure impact is minimal and cost and downtime are limited to the furthest extent possible. Regular tabletop exercises are conducted.
Access to confidential data is granted on a need-to-know basis, and only the minimum level of access required to satisfy business needs is granted.
CrowdStrike is utilized to protect Starburst hardware from legitimate and potential intrusion attempts. The Starburst IT group manages the CrowdStrike tool and ensures updates are pushed regularly to minimize malware risk.
Okta is used as our single sign-on provider for all business applications that support SAML. This allows us to enforce Starburst’s password policy for all of our business applications and two-factor authentication when logging into Okta and Okta-managed applications.
Information security training is delivered to all employees upon hire and at least annually thereafter during their employment at Starburst.
Starburst requires that all vendors are assessed for their overall security posture.
If you believe you have discovered a vulnerability in a Starburst product, or have a security incident to report, contact us.
Once we have received a vulnerability report, Starburst takes a series of steps to address the issue:
We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our customers.
All information provided is taken into account in our software development, security, and vulnerability management processes.