HAIC Security Guarantees Model
This page outlines the specific protections, measures, and assurances that H2O AI Hybrid Cloud (HAIC) offers to users. It defines what users can expect with respect to confidentiality, integrity, availability, and other security principles.
Note that these security guarantees are implemented in accordance with specific customer requirements and specifications. The following guarantees can be met depending on whether the customer environment and infrastructure are able to support them.
Core security guarantees
Access control
Access control is a fundamental security measure that determines who is allowed to access certain data, applications, and resources within the H2O AI Cloud environment. It ensures that only authorized users can interact with specific components, thereby maintaining the integrity and confidentiality of the system.
Authentication
H2O AI Hybrid Cloud employs robust authentication methods to verify the identity of users attempting to access the platform. This process ensures that only legitimate users can proceed to the authorization phase.
Authorization
Once authenticated, users are granted permissions based on predefined roles and policies. This role-based access control (RBAC) follows the principle of least privilege, ensuring that users can only access resources pertinent to their responsibilities.
Integration with Identity Providers (IdP)
H2O AI Cloud relies on Keycloak OpenID Connect (OIDC) to support integration with external identity providers, allowing organizations to leverage their existing authentication systems. This integration streamlines user management and enhances security by utilizing established identity verification processes.
Audit logging
HAIC maintains comprehensive logs of user activities, enabling administrators to monitor access patterns and detect any unauthorized attempts.
Data protection
Encryption of sensitive data at rest and in transit
At rest
- Sensitive data is encrypted using industry-standard algorithms, ensuring that information remains secure even if unauthorized access to storage media occurs.
In transit
- Data transmitted between clients and the H2O AI Cloud platform is secured using Transport Layer Security (TLS) protocols. This ensures that data retains its confidentiality and integrity during transmission, preventing interception or tampering by unauthorized parties.
Regular backup and secure storage mechanisms
Automated backups
- H2O AI Hybrid Cloud performs regular automated backups using Velero. Velero backs up Kubernetes resources such as deployments, configmaps, secrets, etc., and snapshots persistent volumes (PVs). These backups are scheduled to occur at predefined intervals to minimize data loss in case of unforeseen events.
Secure storage
- Backups are stored in secure, access-controlled environments to prevent unauthorized access.
Disaster recovery
- The H2O AI Hybrid Cloud disaster recovery implementation varies for each customer in order to meet specific customer requirements.
Application development
H2O ensures robust security practices throughout our internal software development lifecycle by implementing the following controls:
- Code reviews to identify and address potential issues.
- Automated scanning of dependencies to detect vulnerabilities.
- Verification of dependency licenses to ensure compliance.
- Vulnerability scanning of final product artifacts, including Docker images.
- Security assessments of infrastructure to identify and mitigate risks.
- Annual penetration testing to evaluate the security posture and identify potential vulnerabilities in the system.
Compliance
- H2O AI Hybrid Cloud is committed to maintaining high standards of security, privacy, and regulatory compliance to protect user data and support organizational requirements. The platform undergoes regular assessments to ensure adherence to key compliance frameworks and standards.
SOC 2 Type 2 Certification
H2O AI Hybrid Cloud has achieved SOC 2 Type 2 certification, demonstrating the platform's commitment to securing customer data.
This certification reflects the platform’s ability to manage sensitive customer information securely and provides assurance that security controls are in place and operating effectively over time.
Service-level commitments
- H2O AI is committed to delivering reliable and secure services to its customers, supported by robust service-level commitments.
Uptime guarantee
- H2O AI provides a service uptime guarantee for critical services, ensuring minimal disruptions and consistent availability to meet customer needs based on the respective customer's requirements.
Recovery objectives
- RTO (Recovery Time Objective): H2O AI commits to restoring critical services within a specified time (depending upon customer requirements and specifications) following a disruption, minimizing operational downtime.
- RPO (Recovery Point Objective): H2O AI ensures that data recovery is performed within a defined minimum data loss window (depending upon customer requirements and specifications), thereby safeguarding customer data and business continuity.
Transparency
H2O AI Cloud provides comprehensive visibility. Customers can access compliance evidence and relevant documentation through the self-service portal in the H2O.ai Trust Center, ensuring transparency in how the platform safeguards data and operates securely. This portal includes details about H2O AI internal policies, compliance certifications, and other relevant evidence that reflects the platform's commitment to maintaining a secure and trusted environment.
Additionally, H2O AI Cloud offers real-time security updates and vulnerability information through H2O Security Bulletins, which provide valuable insights into ongoing security efforts and any critical updates regarding the platform’s security practices.
Continuous improvement
Regular penetration testing and vulnerability scanning
H2O AI maintains a strong security posture by conducting annual penetration testing and regular vulnerability scans. These practices ensure that the platform remains resilient against potential threats. These proactive measures help H2O AI identify potential weaknesses, implement timely fixes, and uphold the security and integrity of its platform.
Employee security training and awareness programs
H2O AI prioritizes security awareness by conducting annual employee security training programs. These programs are designed to:
- Educate employees on cybersecurity best practices and emerging threats.
- Reinforce the importance of safeguarding sensitive data and maintaining compliance.
- Provide guidance on identifying and mitigating phishing, social engineering, and other cyber risks.
- Ensure all team members are aligned with organizational security policies and procedures.
By fostering a culture of security awareness, H2O AI ensures its employees remain vigilant and proactive in maintaining the security and integrity of the platform.