GoodData Cloud Security and Compliance

GoodData Cloud is a cloud-native solution incorporating robust data security and protection across all layers. Owing to the flexibility in deployment options, you can select a model that best aligns with your security and compliance requirements. However, as with all cloud-based solutions, it’s essential to remember that information security is a shared responsibility.

Adherence to Security and Compliance Standards

GoodData Cloud supports the following compliance standards and certifications by default:

• Service Organization Control (SOC2)
• International Organization for Standardization (ISO) 27001/27002
• EU and UK General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act (GLBA)

If you require a certification that is not yet supported:

• Talk to our sales team to discuss whether this certification can be added to the GoodData Cloud service.
• Consider using GoodData.CN, our on-premise solution, with which you can achieve certification independently of GoodData.

Consider Deployment Options

When choosing between our cloud solution, GoodData Cloud, and our on-premise solution, GoodData.CN, consider the following factors:

• Your customers’ data sensitivity or compliance needs
• Data residency requirements
• Data segmentation needs

Additionally, think about your performance, availability, and business continuity needs.

GoodData Cloud

Choose this fully managed solution if:

• You want GoodData to handle security of the deployment, including infrastructure and network security, platform vulnerability and patch management
• You want GoodData to monitor security 24/7/365 and manage the incident response process

If you need additional security and availability commitments or prefer a dedicated cluster, consider purchasing an Enterprise plan with add-ons like a dedicated deployment option.

GoodData.CN

Choose this on-premise solution if:

• You or your customers want to limit additional service providers accessing their data
• You want to manage everything from your own datacenter or private cloud
• You want full control over deployment security
• There’s no supported cloud deployment in your regulatory zone or country and you need to keep data residency

Migration Between GoodData.CN and GoodData Cloud

With our declarative APIs and configuration-as-a-code approach, you can move your solution between the two deployment models.

Business Continuity and Disaster Recovery

As a modern cloud native product, GoodData Cloud is built in a way that allows for out of the box high availability and supports automated means to implement business continuity and disaster recovery.

Our business continuity practices are aligned with the international standard for Business Continuity Management Systems (BCMS) ISO 22301.

• GoodData Cloud is built to handle a range of availability issues, even up to a complete loss of one or more data centers in a given AWS region. If your customer standards necessitate further measures, adjustments can be made.
• For GoodData.CN, you can readily set up the desired level of high availability and resilience against outages leveraging declarative APIs (allowing to easily automate CI/CD approach to development, testing and production as well as to scale across multiple regions and geographies) and metadata backups (allowing for taking snapshots of customizations made by the end users). Using a combination of these two capabilities you can establish a disaster recovery strategy that fulfills your requirements.