Secure Data Analytics with Sigma
Sigma sits atop your existing cloud database and uses a secure connection to query your data warehouse directly. Sigma writes a query to access the data needed to answer your question and returns the result in the browser.
Sigma provides a single point of access for your data, so you can establish robust data governance, keep report sprawl to a minimum, and restrict access to sensitive information. Administrators can set permissions by team and namespace, and restrict data access directly from the database as well.
We built Sigma with security in mind, which is why we included features like immutable hosts, container checking, and threat detection. At Sigma, we make every effort to provide secure data analytics and ensure our platform is protected at every layer of the stack.
Product Security
Ensuring our product meets the robust data security needs of our customers is a top priority at Sigma. We’re continuously releasing and iterating to include the newest security features and stay ahead of the ever-changing and evolving threat landscape. We also work directly with customers with unique security or compliance requirements and add these features as needed.
- These are just some of the security features our platform offers customers:
- Fine-grained role-based access control – Control which users have access to what information
- OAuth for Snowflake – Easy for Sigma to leverage data permissions established in Snowflake
- Single sign-on (SSO) – Use SAML, Okta, OneLogin, GSuite, or your favorite iDP
- Row-level security – Limit users to seeing only data that’s relevant to them
- AWS PrivateLink – Traffic between Sigma and the CDW stays on an AWS private connection
Platform and Organizational Security
Sigma invests heavily in having an exceptional security program and ensuring we exceed industry standards. We don’t just buy tools — we make secure data analytics the foundation of everything we do.
Application
Infrastructure
Network
Endpoints
General
Sigma pays for a yearly third-party penetration test, complete with a social engineering/phishing element, done by experts in the industry.
Data Security, Privacy and Compliance
At Sigma, ensuring we meet the data security, privacy and compliance needs of our customers is core to our business. Meeting and exceeding these standards is a shared value for all employees within our company. If you have any compliance or privacy questions, please contact us at compliance@sigmacomputing.com.
HIPAA
Sigma has completed a Health Insurance Portability and Accountability Act (HIPAA) third-party attestation. This assures that Sigma has a HIPAA compliance program with proper controls in place for safeguarding protected health information (PHI). Sigma will sign a Business Associate Agreement (BAA) with our healthcare customers.
SOC 1 Type II
Sigma has completed a SOC 1 Type II report to validate our process and controls around financial reporting. This ensures that our customers can have confidence in Sigma and our platform for many years to come.
SOC2 Type II
Sigma leverages best practices for security controls as part of our data security program. We work with AICPA-certified, third-party auditors to evaluate our information security system controls.
SOC 3
Sigma maintains an SOC 3 report which is the public report of security controls. It is a summarized version of the SOC 2 report and provides validation that Sigma has completed an independent third-party audit against the AICPA’s Security Trust Principles. You can download the report here.
Cloud Security Alliance (CSA)
Sigma has completed the CSA’s Consensus Assessments Initiative Questionnaire (CAIQ), which provides a set of questions a cloud consumer may wish to ask to ascertain a solution’s compliance to the Cloud Controls Matrix and CSA best practices.
General Data Protection Regulation (GDPR)
At Sigma, we firmly support GDPR in both practice and philosophy. We work with our customers in the European Economic Area to assure compliance with personal data handling requirements and cross-border transfer requirements under GDPR.
As a processor, we process data on behalf of our customers. We expect that some of our customers will require us to enter into a data processing addendum (“DPA”), per Article 28 of GDPR.
Sigma uses several subprocessors, but the majority of our obligations hinge on our primary subprocessor: Google Cloud Platform. Read more about Google Cloud Platform’s commitment to GDPR here. And for a full list of our subprocessors, click here.
California Consumer Privacy Act (CCPA)
Privacy Shield
Sigma complies with the EU-US and Swiss-US Privacy Shield frameworks as set forth by the US Department of Commerce with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, Switzerland, and the United States. Sigma has certified with the Department of Commerce that we adhere to the Privacy Shield principles. For more information about the Privacy Shield program, and to view Sigma’s Privacy Shield certification, please visit https://www.privacyshield.gov/list.
Bug Bounty Program
If you believe you have found a security vulnerability or would like more information about our program, please send an email to security@sigmacomputing.com for an invitation to our private bug bounty program.