Tamr Data Security Program
Security Program Overview
Customer data security is a top priority for Tamr, Inc. (“Tamr”). Customers trust Tamr to safely master their critical, proprietary, and sensitive data across a range of infrastructure and deployment configurations. To securely serve customers, Tamr leverages security protocols and best practices from its cloud partners, widely accepted customer data security frameworks, and internal security practices. The information on this page is intended to provide an overview of Tamr’s security practices, and will be updated regularly to reflect the latest in Tamr security.
Tamr has SOC 2 Type II and CE+ certifications. Tamr also follows the NIST 800-171 framework of security controls.
Technical Security Measures
Data Center Locations
Tamr maintains data centers in multiple regions, including:
- GCP us-east1
- GCP europe-west1
Data Center Security
Tamr hosts its Platform and associated customer data with Google Cloud Platform (GCP). For a detailed description of GCP and its data center security, please refer to GCP’s website.
The Tamr Platform encrypts all data in transit, including:
- Data sent between the customer’s Web browser and Tamr Cloud.
- Data in transit between internal Tamr microservices.
Tamr uses TLS 1.2 or later, which uses strong ciphers and enforces forward security. Tamr also employs industry leading web application firewall and DNS security.
Tamr follows the principles of least privilege, denied by default, and network isolation in its network setup, and leverages industry leading tools to implement these principles.
For the Web Application Firewall (WAF), Tamr leverages Cloudflare. Cloudflare provides protection from external attacks, denial-of-service attacks, DNS attacks, and common OWASP vulnerabilities.
Tamr hosts its infrastructure in GCP, leveraging both Google’s data security safeguards and Tamr’s own tools for protecting the Tamr network. GCP provides firewall rules which only allow traffic from Cloudflare.
Tamr maintains separate subnets for different layers of the architecture and uses intrusion detection systems to further monitor server activity. Tamr uses a managed security service provider (MSSP) which alerts Tamr’s on-call Site Reliability Engineering (SRE) team when anomalous activity is detected.
Tamr routinely patches operating systems and software included in the Platform. Tamr’s intrusion detection system includes anomaly detection and vulnerability scanning for the operating systems, infrastructure, and installed applications.
Tamr Platform Information Security automates patching within 1 hour, where possible, at the operating system level.
The data in the data store is encrypted using GCP encryption capabilities and Tamr-managed keys.
Additionally, the data at rest is encrypted at the file system level and the hardware level, using GCP-provided encryption mechanisms. These mechanisms include splitting data into partitions and encrypting each partition with its own key using AES256. The encryption library incorporates Google’s FIPS 140-2 validated module. More details can be found in this document.
Logical Data Separation
Tamr implements logical isolation of tenant data in the data plane, for example by including tenant ID in the keyspace, or by using a separate table space per tenant. Users must authenticate against a specific tenant, and that tenant information is required for all data plane access.
Tamr maintains system logs for its servers, network, hypervisor, and intrusion detection. Logs are maintained for a minimum of six months. Logging includes common server events including, but not limited to, logins and failed login attempts, privilege escalation, suspect commands, installation of unapproved applications, and external access attempts.
The Tamr Platform logs user activity for 30 days, including the IP address used to access the platform, authentication information, and the details of the activity.
Business Continuity and Disaster Recovery
Tamr has put processes and steps in place to restore critical business operations and Tamr Cloud after a disruption. Tamr has documented its Business Continuity Plan (BCP) and Disaster Recovery Plan (DR). The BCP and DR include processes required to address a number of different disaster scenarios, including application and database outages, natural disasters, fires, pandemics, and data breach.
Contact data and processes are included in the documentation. In case of an outage of the primary communication channel, alternate communication mechanisms also are included in the documentation. Tamr Information Security, in collaboration with other Tamr departments, reviews its Business Continuity and Disaster Recovery Plans annually.
Third Party Penetration Testing
Tamr engages a reputable penetration testing third-party firm to review the Platform for vulnerabilities. Testing includes both network and application vulnerability scans and human penetration testing. Tamr takes a risk-based approach to remediating penetration testing findings and prioritizes all critical and high findings.
Tamr Security Operating Procedures
Tamr is SOC2 Type II Certified and, as such, maintains approved security policies and procedures compliant with SOC2 Type II. Tamr is audited on the SOC2 procedures yearly.
Tamr Information Security enforces these policies and procedures throughout the Tamr organisation. Tamr’s Security Operating Procedures cover:
- Acceptable Use
- System Access
- Asset Management
- Physical Security
- Password Control
- Anti-Virus and Anti-Malware
- Remote and Wireless Access
- Data Security
- Security Incident Management
- On-Boarding and Termination
- Information Security
- Penetration Testing
- Security Risk Assessment
- Vendor Security Assessment
- Disciplinary Process
- Security Configuration Management
- Application Development Standards
These procedures are reviewed annually or more often when needed.
Tamr develops code to the OWASP Top Ten standard. Tamr engineering staff are trained on the OWASP standard and must re-train every year. Tamr application software may not be released without reputable third-party testing that includes OWASP Top Ten test cases for regression testing as part of a release. Tamr includes peer review as part of the code development process.
Tamr follows separation of duties as part of the system development life cycle, separating developers, quality assurance, and release management roles. Developers, support, and quality assurance do not have the ability to update code in a production environment.
Tamr Cloud System Access
Tamr Cloud platform capabilities include support for single sign-on (SSO) and authentication using social identity brokers via platforms like Google.
Tamr denies authorization by default; only customers who have explicitly been granted access to Tamr resources may perform functions in the Tamr Cloud Platform.
Tamr support and administrative access to customer production systems is restricted. Customers must authorize Tamr access. Tamr staff members must have a valid business need such as bugfix or an approved administrative activity.
Network System Access
The Platform maintains a virtual private network (VPN) in front of its hosting vendor network. Access to the VPN requires authenticated access with multi-factor authentication. Tamr maintains RBAC controls over user and group access to servers on each subnet. Qualified Tamr personnel maintain control over the access to these resources. The access is reviewed monthly.
Tamr Information Security restricts access to the customer production network through RBAC controls with the principle of Least Privilege. Staff members must have a valid business need for such access.
No Tamr personnel have access to the hypervisors.
Monitoring and Incident Management
Tamr uses a managed security service provider (MSSP) that alerts Tamr’s on-call Site Reliability Engineering (SRE) team when anomalous activity is detected, and follows standard escalation procedures covering various severity levels.
Tamr will report to the customer any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to their data following determination by Tamr that a breach has occurred.
The initial report will be made to the customer’s security or privacy contact(s) as information is collected or otherwise becomes available to Tamr. The report will include the name and contact information of the Tamr contact from whom additional information may be obtained. Part of the communication will include measures that Tamr will adopt to mitigate the cause of the incident and to prevent future incidents.
Tamr staff play a critical role in designing, developing, implementing and securing the Platform. Tamr Engineering Leadership in cooperation with Tamr Human Resources instructs staff on their responsibilities related to security, privacy, and protection of customer data. Tamr requires all Tamr staff to sign non-disclosure agreements. All Tamr staff must complete security awareness training within 14 days of joining Tamr and recertify annually. Security training requires staff to consent to Tamr Acceptable Use, Information Security Policies, and Privacy Policies.
Tamr staff must submit to a background check as a condition of working for Tamr. Background checks include a check on identity, criminal history, education history and employment history.
Staff who terminate from Tamr have their access to Tamr systems revoked automatically. Tamr automates termination for most systems and has a detailed checklist for each department to remove access from any systems not integrated with the Tamr identity management system. In addition, Tamr performs semi-annual access reviews for privileged and administrator access of critical systems.
Certifications and Audits
Tamr’s current certifications:
- SOC2 TYPE2
Tamr provides customers with additional assurance that it follows its own procedures and the security principles by employing third-party auditors to review and ensure that all the controls are followed and no exceptions are found in the trust services criterias (TSC) established by the AICPA in the SOC2 security framework.
In addition, Tamr is a CE+ certified organization: CE+ is the highest level of certification offered under the Cyber Essentials scheme developed by the UK Government and industry to help protect organizations against common online attacks.
Tamr can grant the customer access to the Tamr Security Program documentation, which may include a copy of Tamr's certification or audit reports performed by an independent third-party of Tamr's information security management system supporting the Offering against the Standards.
Under The HIPAA Security Rule, Tamr aligns its processing with HIPAA requirements for Protected Health Information (PHI) and will look into signing a Business Associate Agreement (BAA) with customers who are subject to HIPAA mandates.
Tamr is not a covered entity under HIPAA rules, and therefore cannot be "HIPAA compliant".
Third Party Security and Privacy Assessment
Tamr conducts an assessment of third-party vendors prior to utilizing vendor services, as part of the Tamr Cloud Platform or used for internal Tamr use. As part of the assessment, Tamr reviews the vendor’s security and compliance reports or the vendor’s responses to a Tamr security assessment questionnaire. Tamr includes security and privacy obligations in its contractual agreements with such third-party vendors that are aligned with contractual obligations of Tamr’s customers as well as Tamr’s own security standards. Tamr conducts a reassessment of third-party vendors annually.
Data Stored by Tamr
Tamr acts as a data processor aligned with the GDPR definition of Data Processor / Data Controllers. The Tamr Mastering platform works on behalf of customers, and while Tamr treats customer data as confidential, customers assign the purpose to the data and decide what data to import and store in Tamr for processing. Once the data is imported into Tamr, Tamr stores it in a highly secure manner (see Technical Security Measures).
Tamr Enrichment service provides customers with capabilities to correct, standardize, or enhance their data. Tamr Enrichment infrastructure does not persist any customer data in any form on any long-term storage devices. The Enrichment infrastructure may utilize caching as a mechanism to improve performance of the system.
Sharing the Security Responsibilities
Tamr Software has the capabilities to authenticate users before access, encrypt data, prevent access by users with inactive accounts, and protect data from various exploits and malicious activities. However, Tamr customers have control of how they interact with Tamr, including management of their users’ access to Tamr, management of locations where their data is imported from or exported to, and configurations of their Data Product. Additionally, Tamr customers maintain responsibility for security of their organization's communication with Tamr Cloud, including customer’s infrastructure stack and user devices, networks, and applications, and the communication layers that connect the company’s internal and external users to Tamr Cloud.
Regardless of where the customer’s responsibilities end and Tamr’s responsibilities start, compliance with the customer’s organizational standards and required regulatory boards is the customer company’s responsibility.