Secure Data Analytics with Sigma

Sigma sits atop your existing cloud database and queries your data warehouse directly over a secure connection. Sigma generates the query needed to answer your question, runs it against the warehouse, and returns the result in the browser.

Sigma provides a single point of access for your data, so you can establish robust data governance, keep report sprawl to a minimum, and restrict access to sensitive information. Administrators can set permissions by team and namespace, and restrict data access directly from the database as well.

We built Sigma with security in mind, which is why we included features like immutable hosts, container checking, and threat detection. At Sigma, we make every effort to provide secure data analytics and ensure our platform is protected at every layer of the stack.

Product Security

Ensuring our product meets the robust data security needs of our customers is a top priority at Sigma. We’re continuously releasing and iterating to include the newest security features and stay ahead of the ever-changing and evolving threat landscape. We also work directly with customers with unique security or compliance requirements and add these features as needed.

These are just some of the security features our platform offers customers:
  • Fine-grained role-based access control – Control which users have access to what information
  • OAuth for Snowflake – Sigma authenticates to Snowflake as the signed-in user via OAuth, so the data permissions established in Snowflake apply to that user's queries
  • Single sign-on (SSO) – Authenticate over SAML with Okta, OneLogin, G Suite, or your preferred identity provider (IdP)
  • Row-level security – Limit users to seeing only the rows that are relevant to them
  • AWS PrivateLink – Traffic between Sigma and your cloud data warehouse (CDW) stays on an AWS private connection rather than the public internet

Platform and Organizational Security

Sigma invests heavily in having an exceptional security program and ensuring we exceed industry standards. We don’t just buy tools — we make secure data analytics the foundation of everything we do.

Application

Web application firewall
Sigma uses a web application firewall that receives automatic updates to help keep us protected against the latest web application attacks.
Static code analysis
Every commit is automatically scanned for potential vulnerabilities before it is merged.
Third-party library vulnerability checking
We check the libraries we use for vulnerabilities and keep them updated at all times.
Credential checking
We scan every commit for embedded credentials (API keys, passwords, private keys) so that secrets are never merged into our code repository.
Peer review
Every commit into the master branch requires a code review before being merged. Each code review is done by a senior engineer.
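One way to implement the credential check described above, as an added example rather than Sigma's own tooling: a pre-commit scanner that reads the staged unified diff, looks only at added lines, and blocks the commit when a line matches a known credential format or carries a high-entropy quoted string. The rule names, the entropy threshold, the `pragma: allowlist secret` marker and the sample diff are all assumptions constructed for this example (the AKIA key in it is AWS's documented example key, not a live credential).

```python
"""Pre-commit secret scanner over a unified diff (added example, not Sigma's code)."""
import math
import re
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass

# Specific credential formats first, then a catch-all for `secret = "..."` style assignments.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(r"(?i)aws.{0,40}?['\"]([A-Za-z0-9/+=]{40})['\"]"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
# Quoted opaque blobs (hex, base64) that no pattern knows about are judged by entropy.
QUOTED_BLOB = re.compile(r"['\"]([A-Za-z0-9+/=]{20,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits/char (assumed): hex hashes ~3.8, base64 keys ~4.5, identifiers ~3.0
ALLOWLIST_MARKER = "pragma: allowlist secret"  # assumed opt-out marker for known-fake values
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int      # line number in the *new* version of the file
    rules: tuple   # names of the rules that fired
    text: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def classify(line: str) -> tuple:
    """Return the rule names that fire on one added line; empty tuple if the line is clean."""
    if ALLOWLIST_MARKER in line:
        return ()
    hits = tuple(name for name, rx in PATTERNS.items() if rx.search(line))
    if hits:
        return hits
    for blob in QUOTED_BLOB.findall(line):
        if shannon_entropy(blob) >= ENTROPY_THRESHOLD:
            return ("high_entropy_string",)
    return ()


def scan_diff(diff_text: str) -> list:
    """Walk a unified diff and report every added line that looks like a credential."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                      # new-file header: remember the path
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith(("---", "diff ", "index ")):  # old-file header and per-file headers
            continue
        elif raw.startswith("@@"):                      # hunk header: reset the new-file line counter
            lineno = int(HUNK_HEADER.match(raw).group(1))
        elif raw.startswith("+"):                       # added line: the only kind we scan
            content = raw[1:]
            rules = classify(content)
            if rules:
                findings.append(Finding(path, lineno, rules, content.strip()))
            lineno += 1
        elif raw.startswith("-"):                       # removed line: not in the new file
            continue
        else:                                           # context line
            lineno += 1
    return findings


def main() -> int:
    """Pre-commit entry point: scan the staged diff and fail the commit on any finding."""
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line}: {', '.join(f.rules)}: {f.text}", file=sys.stderr)
    return 1 if findings else 0


# Constructed sample diff for illustration: two leaked AWS credentials, an opaque hex salt,
# a committed private key, the correct fix (read from the environment) and an allowlisted fake.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,6 @@ DEBUG = False
 DATABASE_HOST = "db.internal"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+SIGNING_SALT = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
 TIMEOUT = 30
-OLD_PASSWORD = "hunter2hunter2"
+PASSWORD = os.environ["DB_PASSWORD"]
diff --git a/deploy/key.pem b/deploy/key.pem
--- /dev/null
+++ b/deploy/key.pem
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA...
diff --git a/tests/test_config.py b/tests/test_config.py
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -1,1 +1,2 @@
 import config
+FAKE_KEY = "AKIAXXXXXXXXXXXXXXXX"  # pragma: allowlist secret
"""

if __name__ == "__main__":
    sys.exit(main())
```

Run as `.git/hooks/pre-commit` the script exits non-zero and lists each offending file and line, so the commit is refused until the secret is moved out of the code; on the constructed diff it flags lines 11 to 13 of settings.py and line 1 of key.pem, and passes both the environment-variable fix and the allowlisted placeholder. The entropy fallback is what catches the salt, which no keyword rule would recognise; the cost is the occasional false positive on long hashes, which is what the allowlist marker is for.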

Infrastructure

Shared responsibility with GCP and AWS
We build on cloud providers with extensive data security, compliance, and privacy programs. Under the shared responsibility model the provider secures the underlying infrastructure, and we secure everything we deploy on top of it.
High availability
Sigma runs its clusters in multi-zone deployments to ensure high availability in case of a data center or network outage.
Immutable hosts
Our underlying infrastructure is immutable: hosts are never modified in place, and nothing can be installed or changed on them. Changes ship as new host images that replace the old hosts.
Threat detection
Sigma uses the latest cloud security products to check for threats against our infrastructure.
Anomaly detection
We use rules and machine learning to look for anomalies happening in our cloud infrastructure and spot any potential security threats.
Configuration checking
We check our cloud configurations continuously and flag any drift from our security standards.

Network

Encryption in transit (TLS 1.2 minimum)
Encryption is enforced between clients and Sigma, and between all components of the Sigma platform, using TLS 1.2 or higher.
DDoS protection
We utilize multiple layers of DDoS protection from leading providers in the industry.
DNSSEC
Sigma signs all of its DNS zones, including development and production, with DNSSEC, so that validating resolvers can reject forged responses and detect DNS spoofing or hijacking.
Spoofing protection
Network spoofing is blocked internally and across all instances.
No connectivity between production and office networks
We do not connect our cloud networks to our office networks. They are kept separate so that a compromise of the office network cannot reach production.

Endpoints

Mobile device management
All Sigma endpoints are enrolled in mobile device management, which enforces our security policies.
Endpoint detection and response (EDR)
We use current EDR tooling, which goes beyond simple anti-virus alerting and records the details of any potential compromise.
Advanced persistent threat detection
We scan incoming packages against the latest APT indicators and detonate them in a sandbox to confirm they are not a threat.
DNS filtering
We filter DNS for malicious (malware/phishing/etc.) requests that could harm our employees or infrastructure.

General

Third-party penetration test
Sigma pays for a yearly third-party penetration test, complete with a social engineering/phishing element, done by experts in the industry.
Annual security training
We make all employees complete extensive annual security training that covers over 13 different subject areas.
Quarterly phishing tests
We phish our employees regularly to help keep security top of mind and teach them how to easily spot phishing emails.

If you have any questions about our security or would like to report a security issue, please email us at security@sigmacomputing.com.

Data Security, Privacy and Compliance

At Sigma, ensuring we meet the data security, privacy and compliance needs of our customers is core to our business. Meeting and exceeding these standards is a shared value for all employees within our company. If you have any compliance or privacy questions, please contact us at compliance@sigmacomputing.com.

HIPAA

Sigma has completed a Health Insurance Portability and Accountability Act (HIPAA) third-party attestation. The attestation confirms that Sigma has a HIPAA compliance program with proper controls in place for safeguarding protected health information (PHI). Sigma will sign a Business Associate Agreement (BAA) with our healthcare customers.

SOC 1 Type II

Sigma has completed a SOC 1 Type II report to validate the processes and controls that are relevant to our customers' financial reporting, so that our customers can rely on Sigma and our platform with confidence.

SOC 2 Type II

Sigma leverages best practices for security controls as part of our data security program. We work with AICPA-certified, third-party auditors to evaluate our information security controls against the AICPA Trust Services Criteria.

SOC 3

Sigma maintains a SOC 3 report, the public report of security controls. It is a summarized version of the SOC 2 report and provides validation that Sigma has completed an independent third-party audit against the AICPA's Trust Services Criteria for Security. You can download the report here.

Cloud Security Alliance (CSA)

Sigma has completed the CSA's Consensus Assessments Initiative Questionnaire (CAIQ), a set of questions a cloud consumer may wish to ask to ascertain a solution's compliance with the Cloud Controls Matrix (CCM) and CSA best practices.

General Data Protection Regulation (GDPR)

At Sigma, we firmly support GDPR in both practice and philosophy. We work with our customers in the European Economic Area to ensure compliance with the personal data handling and cross-border transfer requirements under GDPR.

As a processor, we process data on behalf of our customers. We expect that some of our customers will require us to enter into a data processing addendum (DPA), per Article 28 of GDPR.

Sigma uses several subprocessors, but the majority of our obligations hinge on our primary subprocessor: Google Cloud Platform. Read more about Google Cloud Platform’s commitment to GDPR here. And for a full list of our subprocessors, click here.

California Consumer Privacy Act (CCPA)

Sigma will honor any valid deletion request from any state or country, as long as it is made by a qualified party.
For information on how to exercise your rights, or if you are an authorized agent wishing to exercise rights on behalf of a California resident, please use this link.

Privacy Shield

Sigma complies with the EU-US and Swiss-US Privacy Shield frameworks as set forth by the US Department of Commerce with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States. Sigma has certified with the Department of Commerce that we adhere to the Privacy Shield principles. For more information about the Privacy Shield program, and to view Sigma's Privacy Shield certification, please visit https://www.privacyshield.gov/list.

Bug Bounty Program

If you believe you have found a security vulnerability or would like more information about our program, please send an email to security@sigmacomputing.com for an invitation to our private bug bounty program.