Security and Starburst Galaxy #

Starburst Galaxy provides the benefits of Trino, on an easy to use, fully-managed and enterprise-ready SaaS platform.

Data sources, catalogs, and clusters #

Your data sources for Starburst Galaxy are managed by yourself in a cloud provider infrastructure. The data sources remain under your control. Only queried data is accessed by Starburst Galaxy.

Data source access is configured in catalogs in Starburst Galaxy. Catalogs use authentication and authorization configured by you in the data source of your cloud provider to access the data.

These catalogs can be used in one or more clusters. The clusters are within cloud platform regions of your choice. ElasticIPs are whitelisted for Starburst’s NAT gateways, to connect publicly to a customer’s resource. All access to data sources originates from these clusters.

Control plane #

The control plane of Starburst Galaxy manages the overall application, provides configuration storage and all other aspects of managing the system for all users. The control plan is deployed and managed by Starburst in our cloud environments. All storage is encrypted and separated per customer. Only a limited number of privileged users at Starburst are granted access to the control plane.

Authentication and authorization system #

Starburst Galaxy includes a role-based access control (RBAC) system to support Starburst Galaxy, the clusters, and the configured catalogs with the data from the data sources for every user.

Starburst Galaxy provides a hosted login experience allowing users to sign in with standard username and password credentials. You can manage all users for your organization with the Starburst Galaxy user interface.

Users are assigned one or more roles. A role has a name and an optional description, and can be assigned privileges on entities, such as cluster management, user creation, audit log viewing, and others. You can manage users, roles, and privileges in the Starburst Galaxy user interface.

Access to the Starburst Galaxy user interface, and directly to clusters with clients, is secured with Transport Layer Security (TLS) and globally trusted certificates.

More information is available in the Starburst Galaxy security documentation.

Logging and monitoring #

Starburst Galaxy includes comprehensive logging of events and end-to-end user activities. It automates health and performance monitoring to provide observability to ensure services are functioning optimally.

Audit and compliance #

Starburst audits all actions that are taken on your account. Audit logs are maintained within the user interface and are available to you.

Usage information #

Starburst strives to access and collect only the minimum amount of information needed to provide our products and services. In some instances, Starburst staff may be required to access customer information via the Starburst Galaxy user interface to provide customer support, to fulfill legal requirements or for other legitimate business purposes. Employees with data access undergo regular appropriate use training and our environment is protected with robust security measures and controls.