TROCCO's Security Matters
    • PDF

    TROCCO's Security Matters

    • PDF

    Article summary

    On this page, you will find answers to some of the most frequently asked questions we receive regarding TROCCO's security.
    Please refer to our website for our privacy policy.

    TROCCO's Security Matters

    Network Security

    TROCCO data transfer takes place within a virtual private cloud (VPC) environment. In addition, data in transit is basically protected by TLS.

    Retention of data to be transferred

    TROCCO basically does not retain the data to be transferred. However, data may be retained in the following cases

    • When executing the ETL pipeline, data is temporarily stored for the purpose of data transformation. This data is deleted when the container built for the job execution is deleted after the job is completed.
    • If Delete Data Preview isdisabled, the data for the preview will be saved in TROCCO. If you do not want TROCCO to store the data for preview, enable****Delete Data Preview.

    Dedicated Container

    Whenever data is transferred using TROCCO, a new container is created. Thus, the data to be transferred is isolated from other customer data. Once the ETL Job is complete, the container used to execute the Job is deleted.

    User passwords and credentials

    TROCCO uses the AWS Key Management Service (KMS) to encrypt and decrypt data in order to protect sensitive information such as passwords and authentication information. These sensitive information are stored in a database isolated from the Internet.

    Login Status Retention Period

    The retention period for login status is 48 hours.
    After 48 hours from the last time TROCCO was operated, the system will automatically enter a logout state.

    Cloud Hosting Platform

    All of our infrastructure operations and environment hosting is done on Amazon Web Services (AWS). In addition, AWS data centers adhere to the highest security standards, including

    • SOC 1/ISAE 3402, SOC 2, SOC 3
    • FISMA, DIACAP, FedRAMP
    • PCI DSS Level 1
    • ISO 9001, ISO 27001, ISO 27017, ISO 27018

    For more information on AWS security, see AWS Security and compliance.

    Connector

    TROCCO supports a variety of connection methods to enhance security when connecting to Data Source and Data Destination Connectors, as follows

    * AWS PrivateLink is a paid option.

    Company Policy

    We require all employees to adhere to internal security protocols to protect customer data. Regular checks are conducted to ensure that all existing and new employees are in compliance with internal security protocols.

    In addition, strong password management best practices are in place within the company. Employees are required to log in using two-factor authentication when accessing systems related to TROCCO.

    User Access and Authorization

    Role-based access control and user management are supported by the Team function*. The Team feature allows access control settings to be applied to each of the various settings related to ETL Configuration, data processing, workflow, etc.

    * Team functionality is a paid option.

    SSO with SAML authentication*.

    TROCCO supports Single Sign On (SSO) to centrally and securely manage access to accounts. For added security, password login can be disabled. For information on how to set up SSO with SAML, see About SSO with SAML Authentication.

    * SSO with SAML authentication is available for Essential plans and above.

    Authentication Information

    ISO 27001

    We have acquired an Information Security Management System (ISMS) compliant with ISO/IEC 27001:2013.

    AWS ISV Accelerate Program

    TROCCO has passed the AWS Foundational Technical Review. This means compliance with specific guidelines and best practices set forth by AWS. This means that TROCCO is a service committed to securely managing your data and its operations within the AWS ecosystem.

    Supports AWS PrivateLink

    TROCCO is an AWS PrivateLink Ready Partner and has passed AWS technical validation. AWS PrivateLink allows you to build a secure network that connects Data Source and Data Destination without exposing your data to the public Internet. For more information, please visit our AWS Partner page.

    GDPR/SOC 2

    We are currently in the process of obtaining GDPR and SOC 2 compliance.

    Frequently Asked Questions

    What infrastructure and cloud platforms does TROCCO use?

    TROCCO's infrastructure and environment are hosted on Amazon Web Services (AWS).

    Can TROCCO be installed on an on-premise server?

    No. The company is not a member of the National Association of Schools and Colleges of America. TROCCO is a cloud-based SaaS solution and does not support on-premise versions.

    What security protocols or measures does TROCCO employ to prevent outside access to TROCCO's systems?

    There are several firewalls that restrict access to our system from external networks.

    What security standards does TROCCO adhere to?

    Currently, TROCCO is ISO 27001 compliant. We are also in the process of obtaining GDPR/SOC 2 compliance.

    Where can I find TROCCO's privacy policy regarding the handling of personal information?

    Please see our Privacy Policy.

    What connection methods does TROCCO support?

    Various connection methods are supported, including SSH tunnels, AWS System Manager Session Manager, and AWS PrivateLink.

    Does TROCCO support IP permission restrictions?

    Yes. TROCCO allows you to specify the IP addresses from which you can access your account. IP Addresses not Allowed IP Addresses will not be able to access your account.

    What login and authentication methods does TROCCO offer?

    Supports Single Sign On (SSO) using user and password authentication methods and SAML authentication.

    Is two-factor authentication (2FA) supported?

    Yes. Two-factor authentication can be enabled within TROCCO.

    Does TROCCO support SSO?

    Yes. To secure access, you can set up SSO with TROCCO using SAML authentication. Additionally, password login can be disabled for added security.

    Does TROCCO support role-based access control?

    Yes. TROCCO supports role-based access control and user management through its Team feature*. The Team feature allows access control settings to be applied to each of the various settings related to ETL Configuration, data processing, workflow, etc.

    What will TROCCO do in the event of a data breach?

    From the time the service was launched to the present, TROCCO has experienced no data breaches. In the unlikely event of a data breach, it is our policy to immediately notify users and continue to provide updated information as the situation warrants.

    Does TROCCO encrypt data in transit?

    Yes. TROCCO uses a secure TLS connection, depending on Data Setting, to encrypt data between the external Connector and our platform.

    Does TROCCO encrypt stored data?

    Yes. AES256 encryption is enabled in our AWS database.

    Where does TROCCO's data processing take place?

    Currently, TROCCO is built in the following three AWS regions

    • Tokyo Region ( ap-northeast-1 )
    • Mumbai Region ( ap-south-1 )
    • Seoul Region ( ap-northeast-2 )

    Each TROCCO in each region is built independently and does not share infrastructure, environment, or data.
    TROCCO's data processing takes place in the data centers of the respective AWS regions.
    No data handled by the customer is processed in a data center in a different region.

    The number of AWS regions where TROCCO will be built will be expanded in the future.

    Can I choose which region of TROCCO to use?

    Yes.
    For customers in Japan, we will issue an account at TROCCO, which is located in the Tokyo region,
    Of course, it is also possible to issue accounts at TROCCO built in other regions.
    In such cases, please consult with our sales representative or Customer Success before issuing an account.

    How does TROCCO handle credentials and passwords?

    TROCCO uses the AWS Key Management Service (KMS) to encrypt and decrypt data. These sensitive information are stored in a database isolated from the Internet.

    Does TROCCO perform third-party vulnerability assessments?

    Yes. TROCCO regularly conducts third-party vulnerability assessments.

    What should I do if I discover a vulnerability related to TROCCO?

    Please contact your sales representative or Customer Success.


    If you have any other questions about TROCCO's security, please contact us.


    Was this article helpful?