Azure Databricks security and compliance
Enable the true potential of your data with cloud-native security, deeply integrated with Azure
Benefits of securing a lakehouse on Azure
As organizations move to break down data silos, Azure Databricks enables them to implement policy-governed controls that let data engineers, data scientists and business analysts process and query data from many sources in a single data lake. Different classes of data can be protected and isolated to ensure proper access and auditability.
An integrated and consistent approach to data governance and access simplifies the lakehouse architecture and gives organizations the ability to rapidly scale from a single use case to operationalizing a data and AI platform across many distributed data teams.
Secure access to the lakehouse
Appropriate user access
Lakehouse auditability
Policy-based access controls
Azure Databricks security and compliance features
In addition to core Databricks security features, Azure Databricks provides native integration with Azure security features to safeguard your most sensitive data and enhance compliance.
Cloud-native controls for core security
Simplify data lakehouse access with Azure Active Directory (Azure AD) credential pass-through. Control who has access to what data by using seamless identity federation with Azure AD.
Data security
Azure storage automatically encrypts your data, and Azure Databricks provides tools to safeguard data to meet your organization’s security and compliance needs, including column-level encryption.
Manage your secrets, such as keys and passwords, through integration with Azure Key Vault. By default, all Azure Databricks notebooks and results are encrypted at rest with a separate encryption key that is managed for you. If you want to own and manage the key used to encrypt your notebooks and results yourself, you can bring your own key (BYOK).
Isolated environments
The default deployment of Azure Databricks is a fully managed service on Azure that includes a virtual network (VNet). Azure Databricks also supports deployment in your own virtual network (sometimes called VNet injection or bring your own VNet) that enables full control of network security rules.
Azure Private Link encrypts all traffic between your users and their Azure Databricks notebooks and compute resources using Azure's network backbone, which is inaccessible to the outside world. This mitigates data exfiltration risk by preventing users from sending data externally.
Audit
Get cloud-native visibility into who is processing the data and when, using Azure Storage Explorer.
Compliance standards
GDPR and CCPA
Delta Lake brings data reliability and performance optimizations to your cloud lakehouse. Azure Databricks can help you comply with applicable data protection laws, like GDPR and CCPA.
HIPAA
Compliance with HIPAA is available through the Microsoft Azure Business Associate Agreement (BAA). Learn more about the Databricks Compliance and Assurance Program.
HITRUST
Azure Databricks is HITRUST CSF Certified to meet the required level of security and risk controls to support the regulatory requirements of our customers.
FedRAMP High
Azure Databricks has received a Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate (ATO) in two Azure Government regions: US Gov Arizona and US Gov Virginia. This authorization at the High Impact level enables data and AI use cases across the public sector on the dedicated Microsoft Azure Government (MAG) cloud. See the list of Azure services by FedRAMP and DoD CC SRG audit scope, and learn more about FedRAMP in the Microsoft documentation.
Department of Defense Impact Level 5 (DoD IL5)
Azure Databricks has received a Provisional Authorization (PA) from the Defense Information Systems Agency (DISA) at Impact Level 5 (IL5) in two Azure Government regions: US Gov Arizona and US Gov Virginia, as published in the Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG).
Policy-based access controls
Azure Databricks supports cloud-native access control for Azure Data Lake Storage (ADLS) Gen2, including role-based access control, for seamless access management.