“At Couchbase, we believe data is at the heart of the enterprise and robust security is vital to protecting it.”
Matt Cain, CEO, Couchbase
Our security approach
Couchbase demonstrates a commitment to security at all levels of the organization: top-down policies and direction from management, engineering teams that develop secure products, an information security team responsible for governance and compliance management, and shared responsibilities across business units. Security is a team effort of all Couchbase employees.
Couchbase Capella™, our fully managed Database-as-a-Service (DBaaS) architecture, is based on industry best practices for security and is focused on three important pillars:
Verify explicitly calls for strong identity authentication and explicit verification of access to data.
Enforcement of least privilege access is applied to all credentials and secrets, ensuring strict access controls to sensitive data and actions.
To prevent potential breaches, Capella implements a managed cloud intrusion detection system that involves 24x7 monitoring.
The Couchbase information security team has established a robust security program based on Couchbase’s identified risks, industry standards, and best practices (e.g., CIS Critical Security Controls, ISO 27002, NIST SP 800-53, SSAE 18 SOC 2 Trust Principles).
Couchbase Capella successfully completed a SOC 2 Type II audit and received an independent auditor’s report examining Capella's security, availability, and confidentiality controls. A copy of the report can be requested from our team.
Couchbase works closely with European customers, through our products and services, to help enable customers’ GDPR compliance and meet data privacy and regulatory requirements.
Couchbase has successfully completed an independent review of Couchbase Capella for compliance with HIPAA requirements. While customers are responsible for confirming their own HIPAA compliance, Capella is ready for use with our customers' HIPAA compliant applications with an appropriate Business Associate Agreement (BAA) in place. Please contact us to execute a BAA with Couchbase.
The Couchbase security framework encompasses data encryption and many other key elements to secure and protect data, in transit and at rest, within the payment card ecosystem. We are in the process of expanding compliance capabilities to achieve PCI DSS.
Couchbase methodically analyzes security vulnerabilities and scores them according to the CVSS v3.1 standard. Once a vulnerability is resolved, we publish public advisories as standard CVE alerts into NIST’s National Vulnerability Database (NVD) and on our website at: