Looker embraces the security community and operates a responsible disclosure program to facilitate security vulnerability reporting.
Business intelligence security is a top priority
We are driven to build a data platform that scales with the exponential growth in volume and demands for data—and meets the growing need, complexity, and importance of data security.
Looker continues to pursue security certifications that matter to our customers. We are proud to announce that we achieved ISO 27001 and SOC 2 Type 2 certification for Google Cloud hosted instances. In addition, Looker has maintained our SOC 2 Type II (AWS) and HIPAA compliance obligations.
Architected for data security from the start
Looker’s data platform sits on top of your existing database, using a secure connection to query your data warehouse directly. Looker writes a query to access the data needed to answer your question, returns the result, and holds the answer in a (configurable) temporary cache.
Because Looker provides a single point of access for your data, you can establish a robust business intelligence governance infrastructure. Everyone within your company can answer their questions while keeping data sprawl to a minimum and access to sensitive information restricted.
Administrators can set granular permissions by user or group and restrict data access from the database level down to the row or column level.
Analyze your data securely where it lives
Ensure your data is safe and secure by limiting its movement
With Looker, queries are made directly against your database, not by moving or extracting data to workbooks, cubes, .csv files, proprietary databases, or desktops. This key Looker differentiator promotes data integrity while keeping data movement to a minimum and access to sensitive information restricted.
A fully configurable caching layer offers the full processing power of your database and its security model—without long-term data storage.
Industry-standard encryption & secure connections
Looker uses AES 256 bit encryption to secure your database connection credentials and cached data stored at rest. Plus, TLS 1.2 is used to encrypt network traffic between users’ browsers and the Looker platform. Selecting many options for securing connections to your database, including IP whitelisting, SSL, SSH, PKI, and Kerberos authentication.
Authentication, access controls, and data governance
For companies that have invested in modern user authentication tools, Looker supports two-factor authentication, integrates with LDAP, and SSO (supporting SAML, OneLogin, and Google Apps).
A layered approach to data governance is of particular value to industries with specialized security requirements and companies with GDPR or other privacy considerations.
Built into the core of Looker’s platform are fine-grained access controls which provide three levels of data governance:
- Model level—limits which models users have access to, which also controls database connections.
- Group level—limits what content users have access to in Looker.
- Role level—sets specific feature functionality and data an individual has access to in Looker.
Comprehensively monitored and fully auditable
Who, what, and when
Because Looker’s data platform provides a single point of contact for employees’ work with your enterprise’s data, it’s easy to track user activity. The platform has out of the box and customizable monitoring tools, in addition to alerting capabilities if predefined events of interest take place.
Model development in Git
Borrowing from software engineering best practices, Looker’s data model is version-controlled in Git. This allows collaboration and iteration with the ability to easily roll back to previous versions if needed to minimize the impact of an unintended error.
Three ways Looker supports GDPR compliance
Architecture
A simpler, transparent architecture for data processing which reduces data sprawl and can comply with GDPR requirements – while providing modern data delivery capabilities and crucial insights to drive business success.
Product
The Looker data platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy GDPR requirements.
Company
Looker’s data security program is designed to ensure that company policies, controls and processes are appropriate to the type of personal data and data processing collected.
Taken directly from: https://looker.com/product/security
Looker (by Google) was named a Challenger in the Gartner 2021 Magic Quadrant for Analytics and Business Intelligence Platforms.
See here why data security is top priority for Looker and how they manage it.
Right now, you can book a FREE Data Health Check here https://calendly.com/andrea-jimenez-innovoco/free-data-health-check and see how secure your data is.