Visualr is a software-as-a-service platform for data analytics and visualization.
This document outlines the security architecture of Visualr as well as topics related to the security of database connections and your data.
The Visualr platform is deployed and runs on Amazon Web Services in the ap-south-1 region of AWS located in Mumbai, India. Visualr does not utilize any other 3rd party services.
Visualr leverages a set of best practices that guarantee the system security and data privacy:
Here is a basic overview of the Visualr architecture as it relates to the end user, Visualr backend services and connection to a customer’s data source:
To run the queries that power the analytical reports, Visualr needs access to your database or data warehouse. Visualr supports all the best-practice approaches (which evolved over the last 4 years of growing use and acceptance of cloud BI tools) to establishing this access securely. This applies both to databases installed on your own servers at cloud providers and to databases on your own hardware behind a firewall.
The following approaches are used:
Visualr is based on Lite DB and as such performs no operations on the database other than running specific SQL queries to get database metadata and running user-entered SQL queries to fetch the data that power the analytical reports.
The results of the database schema queries are stored as metadata on the data source, as long as the data source / account exists.
The results of the report query executions are stored in an in-memory cache in the Visualr backend for up to 24 hours. After 24 hours, all the data are automatically purged and no copies are retained.
The queries that Visualr performs against your database are:
Any data that is either related to your account or a result of one of the analytical queries is subject to strong security, both in transit and at rest.
In-transit security refers to the security of the data as it is transmitted between the Visualr services and the end user’s computer. All Visualr communication is performed over an HTTPS/SSL connection for both HTTP and WebSocket traffic. The Visualr API is never served via a basic unencrypted HTTP connection, other than performing a redirect operation to let clients switch to HTTPS.
All API operations that contain account information or data need to be authenticated.
Visualr stores all account/user data in a database that is encrypted at rest, and all backups of the data are encrypted. User passwords are stored as strong, salted one-way hashes in line with best practice and cannot be decrypted. Database connection passwords or authorization strings are stored encrypted using a 256-bit key.
All Visualr APIs that provide read and/or write access to the account data are authenticated and require authorization via user email and password.
The result of user authentication is a session with a time-limited validity and an access token that authorizes the API access.
The following measures are implemented to prevent abuse:
Visualr employs a wide range of monitoring services that guarantee the uptime of the Visualr platform and allow us to respond quickly to any operational problems.
Visualr never stores results of your analytical queries other than the in-memory results cache (kept for up to 24 hours and purged automatically afterwards).
Account data are stored as part of a database backup in an encrypted form. The backups are kept for a limited time (generally 30 days).
All data copies are handled by native Amazon AWS functions. Amazon AWS follows the Guidelines for Media Sanitization (NIST 800-88 or DoD 5220.22-M), under which all physical devices are destroyed on Amazon premises and no storage can leave Amazon premises.
A detailed description can be found in the AWS Security Whitepaper, page 8, paragraph “Storage Device Decommissioning”.
Amazon AWS complies with some of the most demanding certifications, namely:
For a full up-to-date list of certifications and compliance audit reports see https://aws.amazon.com/compliance.
If you are a security expert or researcher and you believe that you have found a security issue in Visualr, we encourage you to notify us at firstname.lastname@example.org.
Please make a good faith effort to protect our users’ privacy and data.
We look forward to working with you to resolve the issue as soon as possible.