Security and Compliance

Designed by security industry veterans, the Monte Carlo platform can meet stringent privacy and security standards.

Highlights

  • Data never leaves your environment. Monte Carlo only extracts metadata, query logs and aggregated statistics. In particular, no individual records or PII are ever taken out of your environment.
  • Monte Carlo uses read-only access via APIs and/or dedicated service accounts, and allows granular permissions to datasets of your choice
  • Monte Carlo's hybrid architecture allows you to run its collector on your own cloud infrastructure so you never have to expose any of your data warehouses, data lakes and BI tools to Monte Carlo's cloud
Architecture overviewArchitecture overview

Architecture overview

Compliance

  • Monte Carlo will provide a SOC 2 Type 2 report upon request (Security, Availability and Confidentiality criteria)
  • Monte Carlo will sign NDAs and/or DPAs where appropriate
  • Monte Carlo does not process PII/PHI and therefore supports HIPAA, PCI, GDPR, CCPA and other compliance frameworks

Security and privacy practices

Monte Carlo's team implements industry best practices across the board to protect the security of its application, and the data privacy of its customers. The following are only some of the elements of our security program and system architecture:

  • Monte Carlo will only collect metadata, logs, and metrics for the sole purpose of identifying data reliability issues. Your information will only be used to generate your own reports and will not be shared with any external parties.
  • Processing is conducted on secure servers hosted on Amazon Web Services. All storage systems are encrypted, and all servers are tightly access controlled and audited. Data is encrypted in-transit at all times.
  • In cases where debugging or maintenance work is required, a minimal number of engineers will be permitted to access the data necessary for this purpose. All engineers use encrypted laptops and are required to remove data from their devices when their debugging session is complete. Laptop security policies are enforced using MDM.
  • Monte Carlo will access your environment from a single source IP dedicated to you, allowing you to protect access to your data resources at the network level.
  • An annual penetration test is performed to validate Monte Carlo's posture and identify vulnerabilities. First test report is expected in January 2021.
  • Monte Carlo's service runs on highly available and highly redundant cloud services, mostly on Amazon Web Services in the US East 1 region.
  • Access to all critical systems and production environments is protected using strong passwords and multi-factor authentication. Where possible, SSO is used for centralized access control. Access is reviewed prior to being granted and then periodically thereafter.

Information Monte Carlo collects

The following information may be processed and stored by Monte Carlo's cloud application:

Information

Details

Purpose

Metadata

Names of tables, fields, field types, names and attributes of BI reports/dashboards and other such metadata.

Build a catalog of warehouse, lake and BI objects along with schema information

Metrics

Row counts, byte counts, last modification date and other similar table-level metrics

Track freshness, volume and other health metrics

Query logs

History of queries, as well as metadata about them (timestamp, user performing the query, errors if any, etc).

Track lineage, usage analytics and query history to help with troubleshooting and prevention use cases.

Aggregated, anonymized statistics

Aggregated statistical measures of the data in selected tables, based on opt-in. Statistics may include null rates, distinct values, row counts, percentiles, and other similar metrics.

Track data health and corruption using ML-based anomaly detection as well as customer-provided rules.


What’s Next

Now let's get started! Step one is to deploy the Data Collector

Did this page help you?