End-to-end security on every interaction
CData enforces identity, encryption, and audit at every read and write—keeping enterprise access controlled, logged, and provable.
Fit Check
Will this meet our security standards?
Identity, encryption, certification, and deployment controls that map to the questions your security team asks first.
Passthrough identity • SSO / SAML • Granular kill switches by user, connection, workspace, or account
SOC 2 Type II • ISO/IEC 27001:2022 • Regular third-party penetration testing
AES-256 at rest • TLS 1.3 in transit • Centralized secrets management
Cloud • Hybrid — data stays in your environment
The Problem
Security reviews should take days, not months
Each connector that copies data expands the attack surface and restarts the review cycle. Velocity stalls waiting on sign-off.
When every integration stores its own keys, secrets end up in config files and logs — with no clear picture of who has access or how to revoke it.
When governed tools can only read, teams write custom code to make changes — bypassing the audit and controls security depends on.
How It Works
Control enforced where execution happens.
Security lives at the context layer—applied to every prompt and action the moment it runs, not assumed from a perimeter.
A request arrives carrying the user's own identity through SSO — no shared service accounts and no source credentials stored in CData.
CData checks the request against policy: who the user is, the operation they are attempting, and the connection, workspace, or account it touches.
The operation runs at the source over TLS 1.3, with data encrypted at rest and secrets managed centrally — no copy is made to an intermediate store.
Every read and write is logged at the query level, and kill switches can revoke access at any level the instant it is needed.
Controlled access in. Provable, auditable execution out.
Key Capabilities
What a security review actually checks.
Incident response
Shut anything down in seconds, not hours
Granular kill switches revoke a user or agent's access, disable a connection, suspend a workspace, or trigger account-wide lockdown — and changes take effect instantly.
Encryption
Data protected in transit and at rest
AES-256 encryption at rest exceeds Federal compliance minimums, TLS 1.3 secures all data in transit, and secrets are managed centrally for every credential and config value.
Compliance
Audited against the standards you require
SOC 2 Type II and ISO/IEC 27001:2022, backed by regular third-party penetration testing. Independent findings are available under NDA.
Identity
Every action carries the user's identity
Passthrough identity means each source enforces its own permissions — there are no shared service accounts and no source credentials stored in CData.
Audit
Every read and write is provable
Query-level audit logging captures each operation across every connected system, so you can answer who did what, where, and when.
Data residency
Less data movement, smaller attack surface
Federated execution queries sources directly instead of copying data into another store, so sensitive data stays inside your environment.
Trusted where the stakes are highest
Financial services enterprise
Healthcare technology company
Implementation Path
A practical path from first connection to sign-off.
Connect with SSO
Connect the first source using passthrough identity and your existing SSO or SAML provider.
Milestone: Live access with no stored source credentials. Every session tied to a real user identity.
Turn on audit & controls
Enable query-level audit logging and configure kill switches across priority systems.
Milestone: Every read and write is logged. Access can be revoked by user, connection, workspace, or account in seconds.
Clear the review
Hand your security team the audit trail, certifications, and pen-test summary for sign-off.
Milestone: Security review completed against live evidence — SOC 2 Type II, ISO 27001, encryption, and identity all demonstrable.
Security & compliance
Data control that preserves governance.
- Passthrough identity on every read and write
- No source credentials stored in CData
- Query-level audit logging for every operation
- Granular kill switches — by user, connection, workspace, or account
- No data movement required — sources queried in place
- SOC 2 Type II — Completed.
- ISO/IEC 27001:2022 — Completed.
- Third-party penetration testing — findings available under NDA.
- AES-256 at rest · TLS 1.3 in transit
- Centralized secrets management — all credentials and config data.
FAQ
Questions security teams ask first.
Give your security team controlled, auditable access across live enterprise data.
Talk to our team about connecting your first source with passthrough identity and audit enabled. Or review the certifications, controls, and architecture behind CData security.