Secure Data Analytics with Sigma
Sigma sits atop your existing cloud database and uses a secure connection to query your data warehouse directly. Sigma writes a query to access the data needed to answer your question and returns the result in the browser.
Sigma provides a single point of access for your data, so you can establish robust data governance, keep report sprawl to a minimum, and restrict access to sensitive information. Administrators can set permissions by team and namespace, and restrict data access directly from the database as well.
We built Sigma with security in mind, which is why we included features like immutable hosts, container checking, and threat detection. At Sigma, we make every effort to provide secure data analytics and ensure our platform is protected at every layer of the stack.
Ensuring our product meets the robust data security needs of our customers is a top priority at Sigma. We’re continuously releasing and iterating to include the newest security features and stay ahead of the ever-changing and evolving threat landscape. We also work directly with customers with unique security or compliance requirements and add these features as needed.
- These are just some of the security features our platform offers customers:
- Fine-grained role-based access control – Control which users have access to what information
- Single sign-on (SSO) – Use SAML, Okta, OneLogin, GSuite, or your favorite iDP
- Row-level security – Limit users to seeing only data that’s relevant to them
Platform and Organizational Security
Sigma invests heavily in having an exceptional security program and ensuring we exceed industry standards. We don’t just buy tools — we make secure data analytics the foundation of everything we do.
Sigma pays for a yearly third-party penetration test, complete with a social engineering/phishing element, done by experts in the industry.
Data Compliance and Privacy
SOC2 Type II
Sigma leverages best practices for security controls as part of our data security program. We work with AICPA-certified, third-party auditors to maintain security compliance including SOC 2 Type II.
Cloud Security Alliance (CSA)
Sigma has completed the CSA’s Consensus Assessments Initiative Questionnaire (CAIQ), which provides a set of questions a cloud consumer may wish to ask to ascertain a solution’s compliance to the Cloud Controls Matrix and CSA best practices.
General Data Protection Regulation (GDPR)
At Sigma, we firmly support GDPR in both practice and philosophy. We work with our customers in the European Economic Area to assure compliance with personal data handling requirements and cross-border transfer requirements under GDPR.
As a processor, we process data on behalf of our customers. We expect that some of our customers will require us to enter into a data processing addendum (“DPA”), per Article 28 of GDPR.
Sigma uses several subprocessors, but the majority of our obligations hinge on our primary subprocessor: Google Cloud Platform. Read more about Google Cloud Platform’s commitment to GDPR here. And for a full list of our subprocessors, click here.
Read more about Google Cloud Platform’s commitment to GDPR here.
And for a full list of our subprocessors, click here.
California Consumer Privacy Act ( CCPA )
Sigma will support any removal request from any state/country as long as it is valid and made by a qualified party. Have a request? Please email us at firstname.lastname@example.org.