Data Segregation
LAST UPDATED: SEP 26, 2024
Overview
D3 SOAR employs a multi-layered approach to data segregation, ensuring data remains distinct across various entities. This document explains the various layers and mechanisms D3 uses to maintain data compartmentalization.
User-Level Segregation
User-level segregation is achieved through D3's user management system, including a hierarchical model that manages Users, Groups, Roles. Let's take a look at each entity.
Users: Every D3 user needs a unique account, which includes login credentials and contact details. A user's access is determined by their role and group affiliations
Groups: These are clusters of D3 users. Groups play a pivotal role in determining data access and aligning with an organization's access control strategy.
Roles: A user is assigned a specific role, dictating their platform access. Roles can be customized to mirror an organization's or SOC team's hierarchy.
To manage users, groups and roles, navigate to Configuration > Organization Management.
Multitenant Segregation
D3 SOAR ‘s approach to multitenancy allows for flexible and secure data management across different organizational structures. This can be implemented at two distinct levels: through site-based segregation and the creation of distributed sub-tenants.
Site-Level Segregation
Sites segregate data across organizational entities. For organizations, these might be departments, while for MSSPs, they represent distinct clients. Components segregated by sites include:
Connections
Data Ingestion Schedules
Playbooks
Global Lists
Webhooks
Automation Rules
Agents
Reporting Dashboards and Widgets
Sites are categorized as internal or client:
CLIENT SITES | INTERNAL SITES | |
---|---|---|
Purpose | For individual clients/entities. | For centralized SOC teams in large organizations. |
Multi-tenancy | Each client gets a unique site. | Organizations manage multiple sites. |
Data Sharing | Data is not shared between client sites, with the exception of connectors if enabled. | Cross-site sharing is possible based on permissions. |
Use Case | Best for MSSPs. | Suited for large organizations with varied jurisdictions. |
Data Isolation | Each site ensures data privacy. | Data centralization or isolation depends on organizational needs. |
User Access | Users access only their designated client site. | Users might access multiple sites based on roles. |
To manage sites, navigate to Configuration > Organization Management.
Sharing Connections Between Sites
Integration connections and ingestion API keys can be configured to be shared between all internal sites or client sites.
Distributed Multi-tenancy Segregation
Distributed multi-tenant implementation of D3 SOAR is offered to meet data residency requirements. Under this model, a master tenant manages sub-tenants, each hosted on distinct servers in varied geographic locations. For instance, a master tenant could oversee sub-tenants in the US, Europe, and APAC.
The term "distributed" emphasizes that data is spread across multiple servers and locations rather than being centralized. This approach ensures compliance with regional data regulations and offers enhanced data security.
All sub-tenants retain the segregation layers mentioned earlier, ensuring consistent data management across the board.
ALERT
Distributed multi-tenancy is not offered by default and may incur higher hosting costs due to the need for multiple server instances. Contact D3 Security to learn more.