We are driven to build a data platform that scales with the exponential growth in volume and demands for data—and meets the growing need, complexity, and importance of data security.
Looker’s data platform sits on top of your existing database, using a secure connection to query your data warehouse directly. Looker writes a query to access the data needed to answer your question, returns the result, and holds the answer in a (configurable) temporary cache.
Administrators can set granular permissions by user or group and can restrict data access from the database level down to the row or column level.
Because Looker provides a single point of access for your data, you can establish a robust business intelligence governance infrastructure. Everyone within your company can answer their own questions while keeping data sprawl to a minimum and access to sensitive information restricted.
With Looker, queries are made directly against your database and not by moving or extracting data to workbooks, cubes, .csv files, proprietary databases, or desktops. This key Looker differentiator promotes data integrity while keeping data movement to a minimum and access to sensitive information restricted.
A fully configurable caching layer offers the full processing power of your database and its security model—without long-term storage of data.
Looker uses AES 256 bit encryption to secure your database connection credentials and cached data stored at rest. Plus, TLS 1.2 is used to encrypt network traffic between users’ browsers and the Looker platform. There are many options to select from for securing connections to your database, including IP whitelisting, SSL, SSH, PKI, and Kerberos authentication.
For companies that have invested in modern user authentication tools, Looker supports two-factor authentication, integrates with LDAP, and SSO (supporting SAML, OneLogin, and Google Apps).
A layered approach to data governance is of particular value to industries with specialized security requirements and companies with GDPR or other privacy considerations.
Built into the core of Looker’s platform are fine-grained access controls which provide three levels of data governance:
Because Looker’s data platform provides a single point of contact for employees’ work with your enterprise’s data, it’s easy to track user activity. The platform has out of the box and customizable monitoring tools, in addition to alerting capabilities if predefined events of interest take place.
Borrowing from software engineering best practices, Looker’s data model is version-controlled in Git. This allows collaboration and iteration with the ability to easily roll back to previous versions if needed to minimize the impact of an unintended error.
A simpler, transparent architecture for data processing which reduces data sprawl and can comply with GDPR requirements - while providing modern data delivery capabilities and crucial insights to drive business success.
The Looker data platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy GDPR requirements.
Looker’s data security program is designed to ensure that company policies, controls and processes are appropriate to the type of personal data and data processing collected.
Looker connects to your organization’s database, and is designed to leave your data in that database. Because Looker connects to technology that you are responsible for maintaining, security becomes a shared responsibility between Looker and you. If you use embedded analytics functionality (Powered by Looker), Looker has developed security best practices you can leverage to help mitigate security concerns.
While there is no permanent storage of your data in the Looker application, Looker utilizes a number of first- and third-party tools in order to provide and improve the service. Unless stated, all services share data with locations in the United States.
Application services include:
|Licensing data||A Looker service that gathers information about how the service is being used to ensure that usage is in compliance with the customer’s licensing terms. This information includes metadata about users, roles, database connections, server settings, features used, API usage, and version.|
|Product usage||A Looker service and a third-party service (Google Analytics 360) that gather pseudonymized usage data about how users are using the Looker product and how well it is performing. This data is analyzed and used to improve the Looker product. Administrators can disable these services for their instance by contacting Support.|
|Configuration backups||A Looker service that encrypts backups of Looker system’s configuration, which includes saved Looks, query history, encrypted user and database credentials, and Looker user settings. For redundancy, configuration backups are stored in multiple cloud providers including AWS, Google Cloud, and/or Microsoft Azure.|
|System error reports||A Looker service that transmits runtime exceptions to Looker internal systems in order for Looker technicians to diagnose issues with the product. These messages are first sent as HTTPS requests, but will fail-over to email via a customer’s Looker’s SMTP settings if necessary.|
|Support access||An optional Looker service that allows Looker technicians to troubleshoot problems by permitting authentication into a customer’s Looker application. This access is limited to Support use cases and can be disabled when not needed by customers.|
|Data Actions||An optional Looker service that forwards data to a variety of third-party services. Any data your users send using an action will be processed temporarily on Looker’s managed Action Hub rather than in your Looker instance. https://docs.looker.com/admin-options/platform/actions|
|Email notifications||An optional third-party service (SendGrid) that transmits emails from email@example.com and firstname.lastname@example.org in order to provide new account welcome emails, forgotten password reset links, and scheduled data delivery for Looker users. If you prefer, you can alter this configuration to use your own SMTP integration instead.|
|LookML storage||An optional third-party service (GitHub) that allows for the development and storage of a customer’s LookML code. If you prefer, you can alter this configuration to use your own Git integration instead.|
|In-app guides and in-product messaging||An optional third-party service (Pendo) that delivers personalized messages to users to help them more easily use the Looker product. This service collects basic pseudonymized usage data in order to personalize messages and guides. Administrators can disable this service for their instance.|
|Support chat and tickets||An optional third-party service (Zendesk) that provides an embedded chat client in order to facilitate product support.|
NOTE: We regularly review both our internal services and third-party service providers to ensure that the data we collect is aligned with the service’s intent, and that the security measures employed meet our high security standards.
|Cloud security||Looker uses established public cloud hosting providers to augment Looker’s security program with additional security and availability operational controls.|
|Product security||Looker is responsible for ensuring that the code quality for the Looker application is developed according to industry-wide best practices for software development, and is regularly tested for vulnerabilities.|
|Corporate security||Looker is responsible for educating and disseminating security best practices throughout its organization, and ensuring that Looker’s ancillary applications, systems, and networks are securely configured and monitored.|
|Physical security||Looker is responsible for monitoring the Looker corporate facilities, and ensuring that offices and hardware are both protected.|
You are responsible for configuring secure access between the Looker application and your database. Looker provides extensive recommendations on how to do this, including:
You are also responsible for controlling access and permissions for users of your Looker instance within your company. Looker recommends:
Looker hosts the Looker application on proven public clouds, which means that as a Looker customer you’ll inherit the robust standards of cloud security maintained by our cloud partners (currently AWS and Google Cloud), which Looker builds on top of for its own security best practices. Looker also uses industry best practices for the development and testing of the Looker application, ensuring that code quality meets our standards before becoming part of a Looker release.
|Public cloud facilities||The Looker application is managed in public cloud datacenters. These facilities implement various physical and environmental controls to ensure that Looker customer data is well protected from possible theft or loss.|
|Logical separation of data||While Looker does not persist customer database information, the application does store configuration information, event data, and cached query results. Looker is architected to logically separate this information in order to isolate customer data and reduce cross-tenant exposure risk.|
|Data Security Architecture||Looker follows best practices for security architecture. Proxy servers secure access to the Looker application by providing a single point to filter attacks through IP blacklisting and connection rate limiting.|
|Redundancy||Looker employs a Cloud-based distributed backup framework for Looker-hosted customer servers.|
|Availability and durability||The Looker application can be hosted in a variety of different public cloud data centers across the globe.|
Monitoring & Authentication
|Access to a customer’s back-end servers||Access to a Looker-hosted back-end environment requires approval and multiple layers of authentication.|
|Access to a customer’s Looker application||Employee access to customer Looker instances is provided in order to support a customer's needs. Access requires approval and multiple layers of authentication. Additionally, customers can control all access from Looker to their application via a Support toggle.|
|Monitored user access||Access to your Looker environment is uniquely identified, logged, and monitored.|
|Network and application vulnerability scanning||Looker’s front-end application and back-end infrastructure are scanned for known security vulnerabilities at least monthly.|
|Centralized logging||Logs across the Looker production and corporate environments are collected and stored centrally for monitoring and alerting on possible security events.|
|Reputation monitoring/threat intelligence||Collected logs and network activity are checked against commercial threat intelligence feeds for potential risks.|
|Anomaly detection||Anomalous activity, like unexpected authentication activity, triggers alarms.|
Data Security Encryption
|AES encryption||Locally-stored sensitive application data, including database connection configurations and cached query data, is encrypted and secured using AES encryption.|
|Secure credential storage & encryption||Native usernames and passwords are secured using a dedicated password-based key derivation function (bcrypt) with hashing and salting.|
|TLS encryption||Data in transit is encrypted and secured from the user's browser to the application via TLS 1.2.|
|SSL / SSH encryption||Looker enables you to configure your database connection via encrypted TLS 1.2 or SSH.|
|Code development||Code development is done through a documented SDLC process that includes guidance on how code is tested, reviewed, and promoted to production.|
|Peer review and unit testing of code||Code is peer reviewed before being committed to the master code branch of the Looker application. Functional and unit tests are performed using automated tools.|
|Routine developer training||Developers are regularly trained on secure coding practices.|
|Code quality tests||Looker utilizes automated tests specifically targeting injection flaws, input validation, and proper CSRF token usage.|
|Regular third-party penetration testing||Looker performs regular third-party penetration tests against the Looker application and hosted environment.|
|Single sign-on||Looker provides SAML-based single sign-on for users, offering support for SSO solutions from Google Apps, OneLogin, and SAML.|
|LDAP authentication||Looker provides the ability to authenticate users based on Lightweight Directory Access Protocol (LDAP), enabling administrators to link LDAP groups to Looker roles and permissions.|
|Two-factor authentication||Looker provides the ability to use two-factor authentication via Google Authenticator.|
|Responsible disclosure||Looker embraces the security community and operates a responsible disclosure program to facilitate security vulnerability reporting.|
Looker has robust security protocols that are meant to secure Looker office spaces and materials that contain sensitive information. Looker also invests in properly vetting and training staff to ensure that there is an organization-wide appreciation for data security.
Personnel & Third Parties
|Security organization||Led by the Chief Security Officer (CSO), Looker has established a dedicated information security function responsible for security and data compliance across the organization.|
|Policies and procedures||Looker has implemented various security policies that are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities.|
|Background checks||New contractors and employees are required to pass a background check and sign confidentiality agreements.|
|Security awareness education||Looker’s new hires complete security training as part of their initial training with the company. Employees receive routine security awareness training and confirm adherence to Company security policies. Looker employees are reminded of security best practices through informal and formal communications.|
|Vendor management||Looker maintains a vendor management program to ensure that third parties comply with an expected level of security controls.|
|Risk management||Looker maintains a robust security risk management program. Our CSO chairs our internal quarterly Security Steering Committee.|
|On-call||Looker’s Security and Operations team is available 24/7 to respond to security alerts and events.|
|Policies and procedures||Looker maintains a documented incident response plan.|
|Incident response training||Employees are trained on security incident response processes, including communication channels and escalation paths.|
Looker Premises and Hardware
|Monitoring and secure access to Looker offices||Looker offices are protected by security measures including badge access and security cameras. By policy, employees are required to escort guests inside the Looker offices.|
|Laptop protection||Looker uses a combination of endpoint management tools to monitor, patch, and protect its laptop population. Laptops have encrypted hard drives and are protected with sign-on password. Additionally, an AV/HIDs solution is installed on laptops to protect against malware and monitor for possible security events.|
One of the priorities of Looker’s security practices is to ensure that use of your data is transparent, safe, and respectful. To that end, Looker maintains a Compliance team to perform regular assessments and ensure that risks are appropriately being mitigated and that controls are designed and operating correctly.
Data Security & Compliance
|SOC 2 Type II||Looker’s SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited every 6 months. The report is available, upon request, for review by existing customers and new prospects. As the information is confidential, we require a signed NDA to review the report. Note — While our current SOC 2 Type II report only covers our customers housed in the AWS environment, we are actively working on our SOC 2 Type report for our new Google Cloud environment. We anticipate our Type I report being available in late Q2, 2019.|
|HIPAA Security||Looker customers include HIPAA Covered Entities and Business Associates. Since Looker doesn’t extract your data, we don’t categorize data as sensitive, personal health information, or according to other schemas. Instead, we handle all data according to the same security standards. To provide HIPAA assurance, Looker engages with a third-party to perform HIPAA Security Rule audits annually. To assist you with your HIPAA-related security obligations, Looker maintains a Business Associate Agreement (BAA) available to execute as needed.|
|Cloud Security Alliance (CSA) STAR assessment||Looker has completed the CSA's Consensus Assessments Initiative Questionnaire (CAIQ), which provides a set of questions a cloud consumer may wish to ask of Looker to ascertain their compliance with the Cloud Controls Matrix and CSA best practices. It is available for download here and will be updated periodically.|
|Other Security Compliance Initiatives||Looker is actively pursuing PCI, ISO 27001, and FedRAMP compliance initiatives.|
|European data protection and GDPR and Privacy Shield compliance||
Looker works closely with many data-driven organizations within the European Economic Area and supports GDPR compliance in three ways: Architecture, Product and Company readiness.
We’ll work with you to assure database compliance with personal data-handling requirements and cross-border transfer requirements under the General Data Protection Regulation (GDPR)), effective May 2018.
|Other Privacy Compliance initiatives||Looker intends to comply with the CCPA (California Consumer Privacy Act of 2018), which will become effective January 2020. As currently defined in CCPA, Looker will operate as a Service Provider (not a Third Party) under CCPA to its customers.|
|Determine where Looker is hosted||Looker provides a number of locations where your Looker application and configuration backups can be hosted. This includes US, Japan, Ireland, Germany, Australia, or Brazil.|