Our security approach
Couchbase security is a team effort. It begins with top-down policies from management and extends to the development of secure products by our engineers, management of governance and compliance by our information security team, and shared responsibilities across all our business units.
Built-in security protects your modern enterprise
Verify
Role-based access controls ensure only authorized users or applications have access to data.
Enforce
Least-privilege access is enforced for all credentials and secrets, ensuring strict access controls on sensitive data and actions.
Monitor
To prevent potential breaches, Capella implements a managed cloud intrusion detection system that involves 24x7 monitoring.
Modernize
Capella is built using modern DBaaS principles and secure development practices.
Compliance
The Couchbase information security team has established a robust security program based on Couchbase’s identified risks, industry standards, and best practices (e.g., CIS Critical Security Controls, ISO 27002, NIST SP 800-53, and SSAE 18 SOC 2 Trust Principles).
SOC 2
Couchbase Capella successfully completed a SOC 2 Type II audit and received an independent auditor’s report examining Capella's security, availability, and confidentiality controls. You can request a copy of the report from our team.
PCI DSS
The Couchbase security framework encompasses data encryption and many other key elements to secure and protect data in transit and at rest within the payment card ecosystem. Couchbase Capella has achieved PCI DSS 4.0 attestation of compliance.
HIPAA
An independent review allows Couchbase Capella to be used with HIPAA-compliant applications. Please contact us to execute the required Business Associate Agreement (BAA) for this purpose.
GDPR
Couchbase works closely with European customers of its products and services to help them enable their GDPR compliance and meet their data privacy and regulatory requirements.
Critical Components
Privacy
Couchbase is committed to being transparent about how we collect, use, and protect data received and stored by our products and services. See the Couchbase Privacy Policy for more information.
Reliability
Couchbase’s architecture interweaves many technology elements to ensure reliability, disaster tolerance, and industry-leading high availability at scale on a global basis.
Shared responsibility
Although much of the security framework is in place and automated, customers are responsible for some initial configuration and ongoing security administration. See our Shared Responsibility Model to learn more.