by Alex Pauncz | July 13, 2023

CData Drivers: Enterprise-Grade Security in Every Connection

The average enterprise uses about 200 applications to run its business and support the needs of its customers—up from around 80 just a few years ago. Connecting those applications is no longer optional; it is critical. Solutions offering various data management services no longer see out-of-the-box connectors as a differentiator; they’re essential to even the playing field in a competitive space. But what risks does this approach pose?

At CData, security is a core part of every business operation and software development process. When you leverage CData Drivers, either for internal connectivity or as an embedded layer in your solution, the sanctity of your data — and your customers’ — is paramount.

SOC-2 compliance: Verified, enterprise-grade security

In 2022, CData completed our Systems and Organization Controls (SOC-2) Type 1 certification, one of the most rigorous security compliance certifications available, and we’re on track to complete SOC-2 Type 2 by the end of 2023. The rigors involved in achieving SOC-2 compliance and the depth of product, infrastructure, and policy scrutiny are well-known in the industry.

With our SOC-2 compliance certification, you can deploy our market-leading connectivity with confidence, knowing we adhere to stringent industry standards for security and risk management.

Data virtualization: We never access your data or network

As a data virtualization solution, CData Drivers provide OEM partners with software libraries that are embedded in their own protected environments. Our drivers operate in a similar fashion; you directly own all the IT and security-related connections, and we can’t see your data. With this approach, customer data never actually touches or passes through CData servers. CData can't access your network or your customers’ networks, which helps protect you from man-in-the-middle and backdoor attacks.

Support for OAuth and Single Sign-On (SSO)

To connect through a CData Driver to the data from an underlying source, you must authenticate access to that platform. For example, if you want to access Salesforce data in Microsoft Power BI, you must log into Salesforce. To secure your login process, we provide comprehensive OAuth and Single Sign-On (SSO) support, enabling you to take advantage of the robust authorization and authentication processes you and your customers already have in place. With OAuth and SSO, only authorized users can access your data through a centralized, streamlined process.

Data privacy and protections

We respect the privacy of your information and that of your customers. We are fully compliant with U.S. and international consumer data privacy regulations, such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our commitment to data privacy keeps you covered.

Comprehensive testing

We continuously monitor and test our network and applications, following best practices and regulatory requirements to ensure our drivers meet the highest standards.

In addition to working with third parties for regular penetration testing across our enterprise products, we regularly run vulnerability code scans of our drivers using industry-leading testing solutions, such as Checkmarx. We continuously update our codebase against any and all threats detected in any scans.

A dedicated CData security team

CData has made a complete commitment to security at every level of the organization. As we have scaled, we have brought on a veteran chief information security officer (CISO) and built a dedicated security engineering team to provide full-time security commitment.

To continuously harden CData security, this team:

  • Runs regular vulnerability scans in our network
  • Oversees a full security event management system
  • Operates ORCA threat detection software in our cloud environments
  • Manages a broad suite of solutions for threat detection and vulnerability management

Our level of investment in security is one reason the largest enterprises and solutions providers, such as Google, Salesforce, and Tibco, trust CData Software. It does not stop there either; numerous government institutions and universities trust our solutions to access their data every day.

Security at every step: Training and peer reviews

Our engineering team takes a proactive approach to security with extensive security training, including the Open Worldwide Application Security Project (OWASP), required of all our employees involved with product development and management.

We ensure our entire team receives industry-leading external training to bake security into every step of our process. In addition, CData requires peer reviews of all its code as part of our documented software development lifecycle processes and procedures.

Low IP risk with intellectual property ownership

Many software vendors rely on third-party intellectual property. Understanding the risks involved, CData has taken every measure to avoid the practice, and as a result, nearly all our drivers carry solely our own IP. For the drivers that use additional IP, none rely on additional, private software vendors.

Download a free trial today

We have fully documented our commitment to security, SOC-2 attestation, data flows, and other key information in our security kit on our security page.

Ready to dive in? Get started with CData by downloading a free 30-day trial today. Looking to chat about an OEM partnership? Book some time on our calendar!