Security best practices

There are several best practices you can follow to improve the security of your data and manage access to it on data.world.

Use organization-owned connections

The Connection Manager on your organization page allows connections to be managed only by organization administrators. All database and dataset connections are audited and reportable.

Leverage identity integration

Integrate with your identity management system, such as Okta or Ping. data.world supports pre-provisioned accounts with SAML authentication, or just-in-time (JIT) SAML provisioning. Your identity management system gives you the ability to manage token expiration, password policy, multi-factor authentication, conditional access restrictions, and more in conjunction with your data.world solution.

SAML

Use an SSO application with your provider to authorize access to your organization's data.

Turn off organization visibility

By default, organizations in a VPC environment do not show up in a list of data.world organizations. However, this feature is also available for multi-tenant clients. It is possible to configure any organization so that it does not show up in a publicly visible list of data.world organizations.

Never share keys or tokens

Some third-party applications may require an API token or key to work with data.world. If you have such a key or token, or one for data.world's metadata catalog collector, you should never share it with anyone else. These tokens run as your user with your permission levels. Every user who needs an API token should have their own for security and accountability.

Upload restrictions

Uploads can be restricted, including to 0GB (uploads disabled), to prevent users from manually adding data to the platform.

Provide masked/limited file previews on discoverable datasets

When evaluating data, users often need to understand not only the column names and other descriptive metadata, but also some example rows. Masking or limiting the samples lets you provide them in a way that works within sensitive-data or compliance needs.