Which security and authentication model does VaultSpeed apply?

April 5th, 2022

Jonas De Keuster

VaultSpeed is built around what we call a ‘four pillars’ security model.

1. Only metadata

VaultSpeed is an automation tool that harvests metadata from multiple sources to build a unified Data Vault model.

VaultSpeed captures metadata to provide a clear overview of what type of data is stored where. For example, what data are stored in which source to understand purchase behavior — such as customers, products, services, stores or contact channels. Based on this metadata, our tool suggests a data model that contains ‘person’, ‘place’ and ‘product’ and their relationship.

The DDL and ETL code that our automation tool then generates will dictate how the Data Vault model must be built and provide the loading instructions of who bought what where. However, we never see the data variables: we’ll never know that “Person X bought Product A in Store 2.” In other words, your data is 100% safe, because our solution doesn’t touch it. We only deal with metadata, not the actual data.

But even metadata should be handled with care. That’s why we provide several security layers and controls.

2. Hybrid cloud architecture

VaultSpeed applies a hybrid cloud architecture.

The core of our product runs in the cloud, but we provide a separate, secure Java agent to harvest metadata, deploy code and handle all communication between your data infrastructure and our cloud.

This agent must be installed within your network and must have access to both data sources and data warehouse infrastructure. A customer’s data infrastructure can reside in the cloud, third party cloud or on premises.

All actions in VaultSpeed are added to a task queue where they await execution. The local agent uses a polling mechanism to check for new tasks at regular intervals. This means that it’s always the local agent that initiates communications with VaultSpeed’s cloud environment,

3. Secure authentication

Both VaultSpeed users and local Java agents need to authenticate to VaultSpeed’s cloud.

VaultSpeed’s authentication module uses the Oracle Identity Cloud Service (IDCS). VaultSpeed inherits the strong Oracle IDCS security controls such as strong password management, authentication rules, multi-factor authentication and session federation.

The common industry-standard methodology to securely convey sessions between on-premises and cloud applications is to implement market federation standards such as SAML to federate identities and enable SSO. Oracle IDCS acts as a federation hub that can be used to allow secure access to VaultSpeed’s cloud by exchanging identity information securely. Custom session configuration setups in IDCS, such as federation, are only supported by the VaultSpeed dedicated instance.

4. Role-based access control (RBaC)

After authentication, authorization is granted. Segregation of duty is important to VaultSpeed. That’s why we are currently developing RBaC. This will allow project administrators to determine fine-grained access to source setup, Data Vault setup, code generation, code deployment, metadata export and many other key areas in the VaultSpeed application. Enabling our customers to introduce a proper governance model for any type of Data Vault development project.

The essential buyer's guide to Data Vault automation

Understand what the best criteria are to evaluate data warehouse automation solutions.

Spread the word