Security
We have given special attention to all aspects of our platform, ensuring that everything throughout its operation is as secure as possible. Graal Platform has been designed with security in mind.
Data protection
Data at rest
By default, Graal Platform automatically encrypts all data using 256-bit Advanced Encryption Standard encryption (AES 256). It's one of the strongest block ciphers available and is FIPS 140-2 compliant. The platform manages the encryption key, and this encryption forms the first layer of data encryption.
Transparent Data Encryption (TDE) can add a second layer of data encryption for your job. It encrypts and decrypts, in real time at the I/O level, temporary data stored at rest on local disks, without requiring any changes to the application. By default, it uses AES 256.
Data in transit
Graal Platform relies on Transport Layer Security (TLS) for channel encryption, ensuring all data packets are secured and encrypted between the servers. The server certificate used for TLS encryption is signed by a Certificate Authority (CA) and managed by Graal Systems. Graal Platform supports data encryption in transit with TLS v1.2, using AES 256 encryption.
Access control
Graal Platform includes a role-based access control engine to manage different aspects of permissions. Use its built-in roles to assign permissions to users, groups, or other identities and so control who can:
- Publish code artifacts and list or access published code artifacts.
- Execute code on a runtime.
- Monitor or cancel job runs, review job output and execution logs.
Authentication
Authentication is the process of proving the user is who they claim to be. Authentication activities are logged, and an IT administrator can configure reports and alerts whenever a login from a suspicious location is attempted.
Network security
All Graal Platform services are covered by DDoS protection, which mitigates malicious attacks through active traffic monitoring, always-on detection, and automatic attack mitigation.
All traffic to our endpoints, even over public networks, is encrypted and secured in transit by the Transport Layer Security (TLS) protocol.
We highly recommend configuring IP firewall rules to allow inbound connections only from a specified list of public IP addresses.
Threat protection
Graal Platform provides Auditing, Threat Detection, and Vulnerability Assessment to audit, protect, and monitor services.