Security and data access policy

This document outlines what customer data the DoiT Platform accesses, why it is accessed, and what data are stored and how.

Google Cloud

Note

The permissions are to be granted at the Google Cloud Organization level.

While they allow us to get information about your resources, none of them, except for the BigQuery Lens Advanced permission, gives us access to your data.

Core functionality

Below is the minimum set of read-only permissions we need for features in the DoiT Platform.

Permissions to get information about your Google Cloud resource hierarchy and correlate it with billing:

resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.projects.get
resourcemanager.projects.list
compute.addresses.list
compute.disks.get
compute.disks.list
compute.images.get
compute.images.list
compute.instances.get
compute.instances.list
compute.projects.get
compute.regions.get
compute.regions.list
compute.snapshots.get
compute.snapshots.list
compute.zones.get
compute.zones.list
compute.commitments.get
compute.commitments.list

Permissions to check the status of Google Cloud APIs (e.g., the Recommender API) and enable them if required:

serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
serviceusage.services.use

Sandboxes for Google Cloud

Permission required for Sandbox functionality:

resourcemanager.projects.create

Google Cloud Rightsizing

Permissions required to provide you with Rightsizing Recommendations for your Google Compute Engine instances across your organization:

recommender.computeInstanceMachineTypeRecommendations.list
compute.instances.list

Permissions required to implement Rightsizing recommendations:

compute.instances.setMachineType
compute.instances.stop
compute.instances.start

BigQuery Lens

Why does BigQuery Lens need permissions at the organization level?

The BigQuery Lens creates an audit log sink at the organization level to monitor and analyze logs across projects. We do not support fetching logs from project-level sinks.

These permissions allow BigQuery Lens to access the structure of your projects, datasets, and tables in order to show costs and optimization recommendations on the dashboard with resource names. Except for the permission for BigQuery Lens Advanced, none of them give us access to your BigQuery data.

BigQuery Lens permissions are grouped into several categories.

BigQuery Lens

Permissions required to get cost optimization recommendations for your BigQuery environment:

| Permission | Description |
| --- | --- |
| bigquery.datasets.create | Create new empty datasets. |
| bigquery.datasets.get | Get metadata and permissions about a dataset. |
| bigquery.tables.get | Get table metadata. |
| bigquery.tables.list | List tables and metadata on tables. |
| bigquery.jobs.get | Get data and metadata on any job. |
| bigquery.jobs.list | List all jobs and retrieve metadata on any job submitted by any user. Details and metadata for jobs submitted by other users are redacted. |
| bigquery.jobs.listAll | List all jobs and retrieve metadata on any job submitted by any user. |
| bigquery.jobs.create | Run jobs (including queries) within the project. |
| bigquery.routines.list | List routines and metadata on routines. |
| bigquery.routines.get | Get routine definitions and metadata. |
| logging.sinks.create | Create new sinks in Cloud Logging. |
| logging.sinks.get | Get information about sinks in Cloud Logging. |

BigQuery Lens Editions

Additional permissions required for BigQuery Lens to work with Google BigQuery editions.

| Permission | Description |
| --- | --- |
| bigquery.capacityCommitments.list | Query the INFORMATION_SCHEMA.CAPACITY_COMMITMENTS view for all current capacity commitments in a project. |
| bigquery.capacityCommitments.get | Retrieve the capacity commitment in a project. |
| bigquery.reservations.list | Query the INFORMATION_SCHEMA.RESERVATIONS view for a list of all slot reservations in a project. |
| bigquery.reservations.get | Retrieve details about a slot reservation. |
| bigquery.reservationAssignments.list | Query the INFORMATION_SCHEMA.ASSIGNMENTS view for all reservation assignments in a project. |
| bigquery.reservationAssignments.search | Find a reservation assignment for a given project, folder, or organization. |

BigQuery Lens Insights

Permissions required to get additional BigQuery Lens Insights.

| Permission | Description |
| --- | --- |
| recommender.bigqueryCapacityCommitmentsInsights.get, recommender.bigqueryCapacityCommitmentsInsights.list, recommender.bigqueryCapacityCommitmentsRecommendations.get, recommender.bigqueryCapacityCommitmentsRecommendations.list | Access cost-optimal commitment slots recommendations. |
| recommender.bigqueryMaterializedViewInsights.get, recommender.bigqueryMaterializedViewInsights.list, recommender.bigqueryMaterializedViewRecommendations.get, recommender.bigqueryMaterializedViewRecommendations.list | Access materialized view recommendations. |
| recommender.bigqueryPartitionClusterRecommendations.get, recommender.bigqueryPartitionClusterRecommendations.list, recommender.bigqueryTableStatsInsights.get, recommender.bigqueryTableStatsInsights.list | Access partition and cluster recommendations. |

BigQuery Lens Advanced

Permissions required to get advanced recommendations.

| Permission | Description |
| --- | --- |
| bigquery.tables.getData | Get table data. This permission is required for some processes that query the INFORMATION_SCHEMA views to gather information about your tables and issue recommendations based on that. |

Amazon Web Services

The sections below list the permissions we require on your AWS account.

Core functionality

Below is the minimum set of read-only permissions we need for features in the DoiT Platform.

Permissions required to access the billing data and the security posture of your AWS account:

arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess
arn:aws:iam::aws:policy/job-function/Billing

AWS quota monitoring

Permissions required to proactively monitor your AWS Quotas:

support:DescribeTrustedAdvisorCheckSummaries
support:DescribeTrustedAdvisorCheckRefreshStatuses
support:DescribeTrustedAdvisorChecks
support:DescribeSeverityLevels
support:RefreshTrustedAdvisorCheck
support:DescribeSupportLevel
support:DescribeCommunications
support:DescribeServices
support:DescribeIssueTypes
support:DescribeTrustedAdvisorCheckResult
trustedadvisor:DescribeNotificationPreferences
trustedadvisor:DescribeCheckRefreshStatuses
trustedadvisor:DescribeCheckItems
trustedadvisor:DescribeAccount
trustedadvisor:DescribeAccountAccess
trustedadvisor:DescribeChecks
trustedadvisor:DescribeCheckSummaries

Spot Scaling

Spot Scaling analyzes your Auto Scaling Groups based on cost and usage and recommends replacing On-Demand EC2 instances with Spot instances.

ec2:Describe*
ec2:CreateLaunchTemplate
ec2:CreateLaunchTemplateVersion
ec2:ModifyLaunchTemplate
ec2:RunInstances
ec2:TerminateInstances
ec2:CreateTags
ec2:DeleteTags
ec2:CancelSpotInstanceRequests
autoscaling:CreateOrUpdateTags
autoscaling:UpdateAutoScalingGroup
autoscaling:Describe*
autoscaling:AttachInstances
autoscaling:BatchDeleteScheduledAction
autoscaling:BatchPutScheduledUpdateGroupAction
cloudformation:ListStacks
cloudformation:Describe*
iam:PassRole
events:PutRule
events:PutTargets
events:PutEvents
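
An added example, not DoiT's own tooling: a first-pass review of permission names copied from this page, bucketing them so that wildcards, `iam:PassRole`, data access and non-read actions stand out before a role is granted. The verb-prefix split into read and non-read is this example's heuristic, and `GCP_SAMPLE` is a hand-picked subset of the Google Cloud permissions listed earlier.

```python
import re

# Read-only verbs. The read/non-read split is this example's heuristic for a
# first-pass review, not a classification published by AWS or Google Cloud.
AWS_READ = ("Describe", "Get", "List")
GCP_READ = re.compile(r"(get|list|search)")

def classify(perm: str) -> str:
    """Bucket one permission string copied from the lists on this page."""
    if "*" in perm:
        return "wildcard"              # grows as the provider adds actions
    if perm == "iam:PassRole":
        return "role-delegation"       # review which roles it may pass
    if ":" in perm:                    # AWS form: service:Action
        action = perm.split(":", 1)[1]
        return "read" if action.startswith(AWS_READ) else "non-read"
    verb = perm.rsplit(".", 1)[-1]     # Google Cloud form: service.resource.verb
    if verb == "getData":
        return "data-access"           # the page singles this one out itself
    return "read" if GCP_READ.match(verb) else "non-read"

def review(perms):
    """Group a permission list by bucket; duplicates collapse via the set."""
    report = {}
    for perm in sorted(set(perms)):
        report.setdefault(classify(perm), []).append(perm)
    return report

# Permission names below are copied from this page.
SPOT_SCALING = """
ec2:Describe* ec2:CreateLaunchTemplate ec2:CreateLaunchTemplateVersion
ec2:ModifyLaunchTemplate ec2:RunInstances ec2:TerminateInstances ec2:CreateTags
ec2:DeleteTags ec2:CancelSpotInstanceRequests autoscaling:CreateOrUpdateTags
autoscaling:UpdateAutoScalingGroup autoscaling:Describe* autoscaling:AttachInstances
autoscaling:BatchDeleteScheduledAction autoscaling:BatchPutScheduledUpdateGroupAction
cloudformation:ListStacks cloudformation:Describe* iam:PassRole
events:PutRule events:PutTargets events:PutEvents
""".split()

GCP_SAMPLE = """
resourcemanager.organizations.getIamPolicy compute.instances.list
serviceusage.services.enable serviceusage.services.use
resourcemanager.projects.create compute.instances.setMachineType
compute.instances.stop compute.instances.start bigquery.jobs.listAll
bigquery.tables.getData bigquery.reservationAssignments.search logging.sinks.create
""".split()

if __name__ == "__main__":
    for name, perms in (("Spot Scaling", SPOT_SCALING), ("Google Cloud", GCP_SAMPLE)):
        for bucket, items in review(perms).items():
            print(f"{name:14} {bucket:16} {len(items):2}  {', '.join(items)}")
```
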

Ava security compliance

Ava, our generative AI chatbot, is designed with top-tier security measures to ensure the confidentiality, integrity, and availability of customer data.

OpenAI organization subscription

Our organization holds an enterprise subscription with OpenAI, providing us with additional layers of security and control:

  • Enhanced security measures: Extra layers of security protocols exclusive to enterprise subscribers.

  • Dedicated data hub: All the data processed by Ava is stored in a private, secure data hub, ensuring that it cannot be accessed or leaked by unauthorized parties. Additionally, we never submit the data to OpenAI for training purposes.

Customer data handling

Billing Data

For the generation of Cloud Analytics reports:

  • Authentication requirement: Billing data can only be accessed and generated by customers who are logged in through our secure authentication system.

  • API security: We leverage existing Cloud Analytics APIs that ensure data is securely processed and cannot be breached or accessed by unauthorized users.

Customer context and asset management

For customer-specific context, assets, and general information:

  • Vector database usage: We utilize a vector database to store and embed customer data securely, according to the customer's usage and relevance.

  • Data segmentation: Each customer's data is isolated using robust filtering mechanisms, ensuring that customers cannot access or view each other's data.

By adhering to these security practices, Ava ensures that all customer data is handled with the highest level of security, preventing unauthorized access and maintaining data integrity across all operations.

Privacy and data protection

What we store

We only store data required for DoiT Platform functionality.

  • Cloud Billing exports — required for core Billing functionality; stored in BigQuery

  • User information — required for core DoiT Platform functionality; stored in Firestore

  • Assets created using the DoiT console (Invoices, Billing Profiles, etc.) — required for core DoiT Platform functionality; stored in Firestore

  • Contracts — required for core DoiT Platform functionality; stored in Google Cloud Storage

  • Service Account Keys — required for BigQuery Lens; stored in Firestore and encrypted with KMS

How we handle and store your data

All data we handle are encrypted in transit using industry-standard protocols like HTTPS (TLS).

All data we store are encrypted at rest:

  • Google BigQuery — using Google-managed encryption keys and Advanced Encryption Standard (AES)

  • Google Firestore — using Google-managed encryption keys and AES

  • Google Cloud Storage — using Google-managed encryption keys and AES

  • Service Account Keys — encrypted using Google Cloud KMS and stored in Google Secret Manager

Who can access your data

DoiT employees in customer-facing roles, such as Account managers and Support engineers, can access your data in the DoiT Platform. A small team of core DoiT Platform developers is able to access your data directly in the underlying storage.

Service Account keys are used only by backend systems to retrieve relevant data from Google Cloud. Only a small team of core DoiT Platform developers has access to the KMS keys.

Third parties

With the exceptions listed below, which are required for core DoiT Platform functionality, we do not provide your data to any third party.

  • DoiT Platform Support — We use Zendesk as a backend for our support request system. Ticket-related data are stored in Zendesk and retrieved using Zendesk APIs [1].

  • Payments — We use Stripe for payments. All payment-related data (such as Credit card or bank account details) are stored in the Stripe platform and used via Stripe APIs [2].

Compliance

Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards. We're constantly working to expand our coverage.

  • EU and GDPR Compliance — we have customers in the European Economic Area and we handle data in compliance with the General Data Protection Regulation (GDPR) [3].

  • SOC 2 and SOC 3 are reports based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The reports evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

  • ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.

The DoiT Platform ISO/IEC 27001 and SOC 2/3 certificates may be requested via trust.doit.com.

External references