Hasura Cloud Security

Enterprise grade security in a couple of clicks.

Hasura Cloud is architected to help companies follow the three tenets of Information Security: confidentiality, integrity, and availability. Hasura Cloud undergoes three layers of security scrutiny. As part of our certification process, we undergo routine testing from external agencies to ensure industry standards are maintained. As an open-source software, our internals are exposed for regular scrutiny from our community to ensure components stay current. To incentivize the community for an extra layer of scrutiny, we also offer a path for responsible disclosure through our Hacker One bug bounty program.

Robust authentication and authorization

Hasura Cloud provides enterprise grade authorization that can integrate with your authentication provider of choice. Hasura Cloud provides stateless authorization with JWT controls either through authorization headers, cookies, or webhooks. Being built on Postgres, session based control can always be configured but there are a number of good reasons to prefer stateless authentication.

Security capabilities beyond authentication and authorization

Infosec Tenet One: Confidentiality
Infosec Tenet Two: Integrity
Infosec Tenet Three: Availability

Allow Lists

Define a list of queries and mutations that are approved and execution will be limited to that list. With allow lists, you can limit the queries your users are able to execute.

Access Controls

Provide fine-tuned access controls to ensure the person requesting data is only able to fetch/mutate content they’ve been given permission to access.

Optional Introspection

Disable schema introspection to add an extra layer of obscurity and data structure opaqueness for unauthorized individuals.

Single Tenant Mode, VPC Peering

Hasura Cloud enables a wide range of hosting options covering all possible use-cases, including a hosted, single-tenant mode.

Security Event Logging

Hasura Cloud maintains meticulous logs for security events and does threat-assessment pattern mapping to look for anomalies.

Migration API

The Hasura Cloud migration API ensures that all changes to the Hasura Cloud metadata are observable, recoverable, and enforce eventual consistency.

SSO Access

Hasura Cloud supports modern SSO access patterns, enabling centralized user management.

RBAC Controls

User accounts can be highly scoped based on need-to-access and need-to-know params, ensuring users do not manipulate content or settings outside of their area of responsibility. This includes the ability to limit to analytics only account access, read-only mode, and more.

Multi-Layer Input Validation

It’s no surprise that SQL injection attacks continue to be attack-vector number one for those meaning harm. Hasura Cloud has vigilant processes in places to mitigate this.

Rate Limiting

Hasura Cloud can limit access to any of our managed clusters to ensure balanced and consistent availability for all our customers.

Single Tenant Mode, VPC

Higher availability by reduction of noisy-neighbour effects.

DDOS Monitoring

Hasura Cloud actively monitors for abnormal traffic spikes and has tools in place to mitigate the effects of bad actors.

Cloud Scale

Hasura Cloud is optimized for growth and is able to scale with the most demanding of customers.

Hasura undergoes rigorous compliance audits

Hasura Cloud is SOC 2 Type II Compliant

To achieve our SOC 2 Type II certification, we have implemented an exhaustive list of security controls including technical safeguards like penetration testing by an independent security firm, vulnerability scans and encryption, and process measures such as security training and disaster recovery planning. The audit report is available on request, under an NDA.

Hasura Cloud is HIPAA Compliant

Hasura Cloud’s HIPAA compliance has been audited by an independent third party, and includes controls just as stringent as that of healthcare organizations to protect the privacy, security, and integrity of protected health information (PHI). As part of Hasura Cloud’s Standard plan, we can also sign Business Associate Agreements (BAA) with our customers as needed.

Hasura is Regularly Penetration Tested

We regularly undergo penetration testing by an independent security firm as part of our SOC 2 process and can provide findings to customers as required under NDA.

GDPR compliant

Our offerings are fully GDPR compliant. Read our Privacy Policy.
We are happy to arrange custom DPAs where required.

Get started today with Hasura Cloud

Start for Free

→

PRODUCT

Hasura Product Offerings

GRAPHQL IN PRODUCTION

Caching

Security

Monitoring and Observability

Existing GraphQL APIs

SUPPORTED DATABASES

Postgres

SQL Server

Big Query

COMING SOON

Oracle

MongoDb

MySQL

Elastic

LEARNING RESOURCES

Learn

Blog

Community Events

Contributor Program

Help

Resources

Case Studies

GraphQL Hub

Why Hasura

NEWS

GraphQL & the Data Mesh - developer productivity in an age of exploding data

Oct 13, 2021

Hasura Cloud Office Hours

Join us for Hasura Cloud office hours in November. Every Wednesday at 9:30am PT/ 12:30 pm ET.