Cloud Trust Center

“At Couchbase, we believe data is at the heart of the enterprise and robust security is vital to protecting it.”

Matt Cain
CEO, Couchbase



Our security approach



Couchbase demonstrates a commitment to security at all levels of the organization: top-down policies and direction from management, engineering teams developing secure products, an information security team responsible for governance and compliance management, and shared responsibilities across business units. Security is a team effort of all Couchbase employees.

The architecture of Couchbase Capella™, our fully managed Database-as-a-Service (DBaaS), is based on industry best practices for security and focused on three important pillars:

Verify Explicitly

Verify explicitly calls for strong identity authentication and explicit verification of access to data.

Least Privilege

Enforcement of least privilege access is applied to all credentials and secrets, ensuring strict access controls to sensitive data and actions.

Platform Monitoring

To prevent potential breaches, Capella implements a managed cloud intrusion detection system that involves 24x7 monitoring.

Critical Components



Privacy

Couchbase is committed to being transparent about how we collect, use, and protect data received and stored by our products and services. Please see the Couchbase Privacy Policy for more information.

Reliability

Couchbase’s architecture interweaves many technology elements that are vital to ensuring reliability and disaster tolerance to provide industry-leading high availability, at scale on a global basis. 

Shared Responsibility

Although much of the security framework is in place and automated, customers are responsible for some initial configuration and ongoing security administration.

Compliance



The Couchbase information security team has established a robust security program based on Couchbase’s identified risks, industry standards, and best practices (e.g., CIS Critical Security Controls, ISO 27002, NIST SP 800-53, SSAE 18 SOC 2 Trust Principles).




SOC 2


Couchbase Capella successfully completed a SOC 2 Type II audit and received an independent auditor’s report examining Capella's security, availability, and confidentiality controls. A copy of the report can be requested from our team.


GDPR


Couchbase works closely with European customers, through our products and services, to help enable customers’ GDPR compliance and meet data privacy and regulatory requirements.


HIPAA


Health information is sensitive. Couchbase is invested in the building of a HIPAA compliance program focused on the processing, transmitting, and storing of health information for our customers.


PCI DSS


The Couchbase security framework encompasses data encryption and many other key elements to secure and protect data, in transit and at rest, within the payment card ecosystem. We are in the process of expanding compliance capabilities to achieve PCI DSS. 

Security responses

Couchbase methodically analyzes security vulnerabilities and scores them according to the CVSS v3.1 standard. Once they are resolved, we publish public advisories as standard CVE alerts in NIST’s National Vulnerability Database (NVD) and on our website at:
https://www.couchbase.com/alerts

 

