Security Overview
  • 23 Apr 2024

Article Summary

This page provides an overview and frequently asked questions regarding security for trocco.
For our privacy policy, please see our website.

Security Overview

Network Security

Data routing in trocco occurs within a Virtual Private Cloud (VPC) environment. Additionally, when enabled for supported connectors, your data in transit is protected with Transport Layer Security (TLS) encryption.

Data Retention

There are some cases where trocco may retain customer data for functionality purposes.

  • When running an ETL pipeline, trocco temporarily stores data for transformation purposes. This data is deleted after the job completes, as the container built to run the job is deleted.
  • Data for preview purposes is stored in trocco if the Delete Preview Data setting is disabled. If you don't want trocco to store preview data for your ETL pipeline, you can enable Delete Preview Data in the settings.

Dedicated Containers

Each time you transfer data using trocco, a new container is generated, meaning your data is isolated from other customer data. After the transfer is complete, the container used to run the job is deleted.

User Passwords and Credentials

To safeguard your sensitive information, such as passwords and credentials, trocco uses AWS Key Management Service (KMS) for encryption and decryption. This information is stored in a database isolated from the Internet.

Limited Period to Keep Your Login Status

The login status will be kept for 48 hours.
After 48 hours from the last time you used trocco, you will be automatically logged out.
This minimizes the risk of unauthorized use of your account by a third party.

Cloud Hosting Platform

We run our infrastructure and host our environments on Amazon Web Services (AWS). AWS data centers comply with the highest security standards, such as:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

For further details, please see the AWS Security and compliance documentation.

Connectors

trocco supports a range of connection methods to enhance security when connecting to source and destination connectors. These include:

  • AWS Systems Manager Session Manager
  • AWS PrivateLink* (currently available only in the Tokyo region (ap-northeast-1))
  • SSH Tunneling

* denotes features that are paid option add-ons.

Company Policies

We require all employees to adhere to internal security protocols to safeguard customer data. Routine checks are in place to confirm that all existing and new employees comply with our internal security protocols.

Strong password management best practices are in place, and two-factor authentication is required to access trocco’s systems.

User Access and Permissions*

Role-based access control and user management are supported through our Teams feature. With this feature, you can set permissions at an individual configuration level for ETL/ELT pipelines, transformations, workflows, etc.

* denotes features that are paid option add-ons.

SAML Single Sign-On (SSO)*

trocco supports SSO for a centralized and secure way to manage your access. Additionally, you can disable password login for an extra layer of security. See our About SSO with SAML Authentication documentation to learn how to configure SSO with SAML in trocco.

* denotes features that are paid option add-ons.

Certifications

ISO 27001

trocco has acquired the Information Security Management System (ISMS) certification and complies with ISO/IEC 27001:2013.

AWS ISV Accelerate Program

trocco has cleared the AWS Foundational Technical Review, meaning that we comply with the specific guidelines and best practices set by AWS, and that our service is committed to maintaining a secure environment for customer data and operations within the AWS ecosystem.

AWS PrivateLink Ready

trocco is an AWS PrivateLink Ready Partner, meaning we have passed a technical validation from AWS. With AWS PrivateLink, you can set up a secure network connection between trocco and your data sources and destinations without exposing your data to the public internet. For further information, see our AWS Partner page.

GDPR/SOC 2

We are currently undergoing the process of acquiring GDPR and SOC 2 compliance.

FAQ

What infrastructure or cloud platform is trocco using?

trocco’s infrastructure and environments are hosted on Amazon Web Services (AWS).

Can trocco be installed on our on-premise servers?

No, trocco is a cloud-based SaaS solution and does not support an on-premise version.

What security protocols and measures does trocco employ to safeguard from external access to its systems?

trocco has several firewalls that restrict access to our systems from external networks.

What security standards does trocco comply with?

Currently, trocco complies with ISO 27001 and is in the process of acquiring GDPR/SOC 2 compliance.

Where can I find trocco’s privacy policy on handling personal information?

Please see our privacy policy page.

What connection methods does trocco support?

We support various connection methods, including SSH, AWS Systems Manager Session Manager, and AWS PrivateLink.

Does trocco support IP Allowlisting (Whitelisting)?

Yes, in trocco you can specify the IP addresses that can access your account. IP addresses that are not on the list cannot access your account.

What login/authentication methods does trocco provide?

We support SAML SSO and username/password authentication methods.

Is two-factor authentication (2FA) supported?

Yes, it is possible to enable two-factor authentication within trocco.

Does trocco support SSO?

Yes, you can configure SAML SSO authentication in trocco for a secure way to manage your access. Additionally, you can disable password login for an extra layer of security.

Does trocco support role-based access control?

Yes, trocco provides role-based access control through the Teams feature add-on. This feature enables you to set permissions at an individual configuration level for ETL/ELT pipelines, transformations, workflows, etc.

How would trocco handle a data breach?

To date, trocco has not experienced a data breach. If one occurs, our policy is to notify users immediately, then continue to provide updates as the situation unfolds.

Does trocco encrypt data in transit?

Yes, trocco uses a secure TLS connection to encrypt data between your external connectors and our platform.

Does trocco encrypt data at rest?

Yes, encryption is enabled in our AWS database using AES-256 encryption.

Where does the data processing for trocco occur?

Currently, trocco is hosted in the following two AWS regions.

  • Tokyo Region (ap-northeast-1)
  • Mumbai Region (ap-south-1)
  • Seoul Region (ap-northeast-2)

trocco is hosted independently in each region and does not share infrastructure resources, environments, or data.
Data processing in trocco takes place in the data center of each AWS region.
Your data will never be processed in a different region's data center.

In the near future, we plan to expand the number of hosted AWS regions for trocco.

Can I choose which AWS region to use for trocco?

Yes.
By default, when we create your trocco account, we will set the AWS region based on your address location.
If you wish to choose a different AWS region, please contact our sales representative or customer success engineer before we create your trocco account.

How are my credentials and passwords handled in trocco?

trocco uses AWS Key Management Service (KMS) to encrypt and decrypt your credentials. This information is stored in a database isolated from the Internet.

Does trocco perform third-party vulnerability assessments?

Yes, trocco regularly performs third-party vulnerability assessments.

What should we do if we discover a vulnerability in trocco?

We apologize for the inconvenience, but please contact our sales representative or customer success engineers.

For any other questions regarding trocco’s security, please get in touch!

