Was this page helpful?
Security¶
ScyllaDB Cloud is secure by default. All data is encrypted at rest and in transit, database-level encryption is enabled automatically for new clusters, and internal service accounts follow the principle of least privilege — all managed by ScyllaDB with no configuration required.
This section documents those built-in protections as well as the controls available to you: managing users and roles, configuring customer-managed encryption keys, enabling SSO, and requesting immutable backups.
Overview
Security Best Practices — Recommended configuration for Cloud and database users.
Security Concepts — How ScyllaDB Cloud security is architected: isolation, encryption, and access control.
Encryption
Database-level Encryption — Configure customer-managed encryption keys (CMK) for your data.
Storage-level Encryption — Always-on encryption at rest, managed by ScyllaDB.
Client-to-node Encryption — TLS encryption for traffic between your application and the cluster, managed by ScyllaDB.
Users and Access Control
Service Users — Internal accounts used by ScyllaDB for operations and automation.
User Management — Invite users and assign roles for your ScyllaDB Cloud organization.
SAML Single Sign-On (SSO) — Configure SSO with your identity provider.
Compliance
Immutable (WORM) Backups — Request write-protected backups for regulatory compliance.
Data Privacy and Compliance — ScyllaDB’s trust center, certifications, and data privacy policies.