Security

Security is of paramount importance at Masthead Data. We build a solution that never reads or accesses company’s actual data, Masthead processes only Google Cloud native logs and metadata to deliver its services. On top of that to ensure we maintain a safe and secure environment we use a variety of industry-standard technologies and practices. We provide regular security awareness training to our employees in both technical and non-technical roles to ensure that security is always given utmost priority and importance. If you have any questions, or concerns, or encounter any issues, please contact us at team@mastheadata.com.

Product Security Features

Masthead is secured by design, the application does not read or edit clients data at any point. Masthead agent is hosted either in client’s Google Cloud project (VPC deployment) or on the Masthead Google Cloud project (SaaS deployment) and collects only aggregate metrics retrieved from logs and metadata. Our team is also strictly adherent to security-centric change management and incident management programs.

To find out more about Masthead’s product architecture and its security, see our security docs.

SSO

We support Google OAuth2.

Data Security

Masthead operates on the principle of least privileges. Masthead does not have access to clients’ data, and nor do users of Masthead can have access to data through the Masthead application.

Collection of Customer Data. Masthead collects and accesses only your metadata, query logs, and does not routinely collect or access Personal Data in the provision of the service. A summary of the data processed for us to provide the service is as follows:

Data Type	Details	Service Account Permissions	Purpose
Metadata	Information about tables, table size (byte count), schemas, data freshness (last modification date) and volume (rows inserted), names and attributes of Looker reports/ dashboards/ looks/ models. These metadata are collected directly from customers Google BigQuery and Looker via APIs only.	1. Google BigQuery: - bigquery.datasets.get - bigquery.tables.get - bigquery.tables.list Documentation 2. Looker: - see_user_dashboards - explore - see_lookml Documentation	Build a data lineage and data dictionary of Google BigQuery, and Looker objects along with schema information in order for Masthead to provide the data observability reports and track table: Freshness, Volume, Schema changes, Deleted tables
Data Observability	History of queries, as well as metadata about them (query, timestamp, service account performing the query, errors and cloud environment errors if any, etc). These metadata are collected from Google BigQuery audit log, which routes to Pub/Sub Topic.	Pub/Sub: - pubsub.subscriptions.consume	Track lineage, usage analytics, and query history to help with troubleshooting pipeline errors and cloud environment errors.
Application Data	Customer accounts, user settings, configurations, IP address, incidents, and other elements necessary to set up the Service.	Google OAuth2	This information is generated as users sign up and interact with the Service and for user authentication.

System And Software Security

The Masthead’s systems are hosted on Google Cloud in some of the most secure data centers on Earth. These data centers are SOC 1&2 and ISO certified, and utilize the most secure physical security technologies, such as biometrics. All facilities are monitored by professional security staff.

All Masthead systems are hardened and regularly updated with the latest security patches.

Auditing & Monitoring

We are currently working on employing a 3rd party security auditing and penetration testing firm at least annually or any time there are major changes to our systems or architecture. This ensures that our internal systems and processes are performing as we believe they are.

We employ multiple real-time monitoring systems with 24/7 alerting to inform us of violations of policy as well as suspicious activity that may indicate a compromise.

SOC 2 Type II

We are working on completing an audit for the Service Organization Control (SOC) 2 Type II report.

Other compliance and security frameworks used

At Masthead, one of our core values is data privacy and security, which largely influenced the tech approach and architecture of Masthead. We are honored to say that Masthead is data secured and privacy-focused by design. Masthead strictly adheres to the General Data Protection Regulation (GDPR), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) and (Health Insurance Portability and Accountability Act) HIPAA frameworks as the solution does not access the data and process only metadata and logs files.