Private Data
When working with private data, it is critical to control where data is stored and processed. Restrictions are often imposed by organizations' security and privacy policies, but they may also be caused by other factors such as data license limitations or simply the sheer size of customer data.
Studio offers multiple solutions for private data access offering increasing degrees of isolation.
Access Model | Description |
---|---|
Studio Cloud | Store your data securely in the Studio Cloud |
Data Connectors | Data connectors load data directly from your trusted cloud provider, without saving or caching it in the Studio cloud |
Studio Server | Hosted server components load data from your trusted cloud provider, without ever exposing it to Studio. |
Studio On-Prem | Load data from your private infrastructure. |
Note that while it is possible to completely isolate your data from Studio, this is not a full on-prem offering. The customer needs to be storing data in a trusted major cloud storage provider, and be willing to grant at least some minimal level of trust to the Studio platform (so that it can execute queries on behalf of the customer or run Studio server components in the customer's cloud).
Studio Cloud
The Studio platform allows users to upload your geospatial data to the Studio cloud. Your data is stored securely by Studio. This option is a common choice for users that do not have special constraints on their data.
- Studio stores your data on major cloud providers such as Google Cloud Storage and AWS S3
- Your data is associated with your user id and organization id and can only be accessed by properly authenticated users or using Data SDK access tokens issued by your organization.
- Studio employees do not look at private customer data without prior permission from the customer.
Data Connectors
If your organization is already storing data using a major cloud provider (such as AWS), cloud database, or data warehouse (such as Snowflake), you can configure Studio data connectors to query data directly from the specific cloud services.
In this scenario, your store the access tokens for your cloud securely in the Studio platform, and then data is queried from your cloud whenever needed. While the data is still technically visible to the Studio cloud, your data is not stored in the Studio Platform, and instead just streamed directly to the user.
Studio Server
Studio is developing server components that can be run directly in your cloud or data warehouse. In this model, your data is streamed directly from your cloud to your end-user. Studio does not (and is not able to) see your data. However, you are responsible for installing and configuring the server components. Contact us for more information on this setup.
Studio On-Prem
The Studio platform does not yet offer a fully on-prem version of Studio's platform services (i.e. running Studio Server components on a customer's own hardware). Studio does offer an on-prem version of our visualization stack; however, it requires deep integration and only supports specific use cases. Contact us for more information.
Privacy Considerations
The Studio platform lets users export data and publish maps linking to data, and it is important to understand that when using these features users may share data even if it was originally privately stored.
Users in a private data environment should be extra careful when publishing and sharing a map that references a private data source, or when exporting data from your maps as it may expose private data from your cloud.
Updated 9 months ago