For customers who desire an extra level of security, Datafold supports deployment on premise (in customer's AWS, GCP or own data center). The Datafold application is modularized and complies with industry best practices on security and provisioning.
The general deployment strategy for Datafold is the following:
The customer creates an isolated environment (e.g. AWS sub-account / GCP project) within their cloud account and provides Datafold with permissions to provision resources in that environment. That ensures proper resource and permission isolation of Datafold-related resources from the rest of infrastructure, as well as easy control for ingress/egress of data.
Datafold provisions the infrastructure and Datafold application in the isolated environment within customer's cloud account. The process is automated and makes software updates seamless.
Once Datafold application is provisioned, customers can add database connections to integrate with their analytical data warehouse (e.g. Redshift or BigQuery) in Datafold UI.
The entire deployment process usually takes ~15 minutes of work.
All communication between Datafold server and client parts of the application, as well as with the customer's analytical data warehouse, happens within the customer's private network. Customer's data such as Data Diff results & samples of tables pulled from the data warehouse is also stored within the customer's VPC.