We are thrilled to announce that CockroachDB dedicated, the fully managed single-tenant version of CockroachDB, is now HIPAA-ready and can be used to safely store protected health information (PHI). Any organization working in healthcare needs to comply with HIPAA requirements to protect sensitive patient data, regardless of whether they’re a “covered entity” (hospital, health insurance plan, pharmacy, etc.) or “business associate” (an organization that works with a covered entity).

We are thrilled to announce that CockroachDB Dedicated, the fully managed service of CockroachDB, is now PCI-DSS certified by a Qualified Security Assessor (QSA) as a PCI Level 1 Service Provider. The PCI-DSS was created by the PCI Security Standards Council - an organization formed in 2006 by the major credit card associations (Visa, American Express, MasterCard and JCB). The mission of this council is to establish a “minimum security standard” to protect customers’ payment information. Any business that handles credit card and payment data is required to conform to that minimum standard referred to as the Payment Card Industry (PCI) Data Security Standard (DSS).

Secure authentication is a fundamental requirement when evaluating a database product. Architecture and Security teams prefer capabilities which could somehow be managed centrally, ideally using existing security tools in the enterprise tech stack. Over decades of advancements in the OLTP database ecosystem, we’ve seen a number of solutions emerge for secure authentication. Whether it be PKI/certificates, LDAP integration with enterprise identity directory, GSSAPI/Kerberos, SCRAM and so on, those mechanisms have enabled organizations to adopt a variety of new databases over time. We also support most of those capabilities in CockroachDB that are utilized by the majority of our security-conscious customers.

As part of zero-trust focus, InfoSec and Risk teams pay extra attention to data exfiltration threat vectors, including both when it comes to how service providers manage their data, and how to control & manage insider risk exposure through their employees. Solutions to a number of those requirements manifest in the form of network security controls, especially for egress. With regard to database clusters, restricting clusters to access only specific resources for things like backup-restore, publishing real-time change events, or sending observability data can be challenging.

Identifying transaction bottlenecks or getting an audit trail of user actions in the database can be challenging without self-service observability. Often, the only way to access cluster logs is to request them from technical support, which is painfully inefficient. If a particular set of SQL queries from an application is taking more time to execute than anticipated, not having timely access to logs to help troubleshoot slow query performance could mean end users suffering an inferior experience for longer than desired and the application team not being able to adhere to their SLA / SLO. And if the InfoSec team needs real-time information to identify which users are accessing confidential data fields in tables with sensitive data, going through the support team can hamper appropriate auditability. CockroachDB now makes it possible to export your CockroachDB Dedicated logs to your AWS Cloudwatch or GCP Cloud Logging instances. You can collect and visualize cluster logs directly in those cloud-native services, and from there optionally send them to other third-party Observability platforms for centralized monitoring. You can do all this on your own. No technical support required.

There are two different ways to use CockroachDB as a managed service and enjoy DBaaS benefits: CockroachDB Dedicated is a fully managed single-tenant service used by companies to store their data while adhering to their enterprise compliance requirements. CockroachDB Serverless offers automatically scalable service for building new and nimble applications while paying for only what you use.

CockroachDB Dedicated and CockroachDB Serverless — CockroachDB’s fully managed DBaaS offerings — allows global organizations to focus on building groundbreaking applications and let the database handle their transactional data at required scale, with high availability and multi region disaster proofing capability. These customers trust CockroachDB to store their data in a secure manner with guardrails similar to what they would implement in their own infrastructure.

CockroachDB helps small to large organizations manage their transactional data at global scale, with high-availability, while providing multi-cloud & hybrid disaster proofing capabilities. Many of those customers trust CockroachDB to store PII or organizationally sensitive data, and they secure it with native data security capabilities in the product. But there are some needs that require reimagination of how one looks at data security at different kinds of scale - across different business units or teams, across multiple CockroachDB clusters, or across multiple types of data stores including OLTP and OLAP.