Security
Astronomer Trust Center
Astronomer is the platform for data orchestration, helping organizations securely manage the flow of data by building, deploying, scheduling, and monitoring data pipelines as code. Our platform, built upon Apache Airflow®, empowers data teams to build faster, while scaling flexibly as organizations grow.
Astronomer recognizes the critical nature of its services to our customers, and we are committed to the quality of these services. Ongoing investment in security and resiliency across all facets of our business is key to delivering on this commitment. We maintain a set of information security policies and procedures based on technical and organizational controls from AICPA SOC 2. This document outlines our policies and procedures for securing customer data.
Note that this document focuses on the latest generation of Astronomer Cloud. Policies that are relevant to Astro Private Cloud, our customer-managed software product, are specifically called out.
Customer Data Access and Management
The Astronomer Cloud service is composed of a multi-tenant control plane and a single-tenant data plane. All data orchestration is executed within the data plane. Only customer metadata is returned to the control plane for observability and control of the data plane.
Each Astronomer Cloud customer is provisioned one or more Astronomer cluster(s). Each Astronomer cluster is deployed in a separate virtual private cloud (VPC) within the data plane hosted on a customer-supplied cloud provider account. A limited number of Astronomer personnel who require access to the control plane or data plane can be granted specific access to an individual environment on a time-limited basis, as specified in the agreement(s) between Astronomer and the customer.
For customers running Astro Private Cloud, Astronomer personnel do not have direct access to the environment in which the software is deployed. Metadata and logs shared for the purpose of support are treated with the utmost sensitivity.
Encryption of Customer Data
All traffic between Astronomer services, as well as client-server communication, is encrypted for all Astronomer Cloud clusters. Astronomer uses TLS 1.2 digital certificates for service-to-service and client-to-service traffic. Inter-cluster traffic is managed and encrypted using mTLS. Client traffic is encrypted over TLS, which requires a Certificate Authority (CA) as well as keys and certificates. The Certificate Authority is Let's Encrypt. TLS encryption is enabled by default for all clusters and needs no additional configuration.
Risk Management and Security Controls Framework
Astronomer adheres to policies and procedures that are designed to protect customer data, information, and related assets from threats to security and availability.
Astronomer has a Risk Management Policy which applies to all Astronomer employees, contractors, vendors, and agents as well as all Astronomer business processes, procedures and activities. Threats and vulnerabilities identified are escalated to executive management for action and timely resolution.
Security Incident Response Management
Astronomer has a process for identifying and remediating security vulnerabilities and threats. Please see our Vulnerability Disclosure Page at https://bugcrowd.com/engagements/astronomer-vdp-ess
Physical Security
Astro is hosted on Microsoft Azure, Amazon Web Services, and Google Cloud Platform. All physical security controls for customer data are managed by those providers.
Astronomer’s physical office locations do not have preferential access to operational or development environments, nor do they house any customer information.
Business Continuity and Resiliency
Astronomer has a Business Continuity Plan which is engaged when an event has potential impact on Astronomer’s ability to deliver services to Customers. As a remote-first company, Astronomer’s physical office locations are not required for the ongoing delivery of Astronomer software or services, nor do they house any Customer information. Personnel are geographically distributed, minimizing the potential impact of localized events.
Both the control plane and data plane infrastructure within Astronomer Cloud are designed to be resilient to Cloud Provider availability concerns within a given region, with all components using a minimum of two availability zones.
Astronomer recommends customers running Astro Private Cloud use a minimum of two availability zones for the nodes of the underlying cluster.
Customer Responsibilities
Astronomer recognizes that security is a shared responsibility between Astronomer and its customers. While Astronomer manages the security of the platform and underlying infrastructure, customers are responsible for managing security within their own use of the platform.
To that end, customers are expected to:
- Manage user accounts, API keys, role assignments, and privileges within their organizations and workspaces.
- Use strong passwords or implement a federated identity provider for authentication.
- Designate authorized points of contact for coordination on sensitive requests.
- Ensure the security and quality of code within their data pipelines, including custom plugins and dependencies.
- Validate the accuracy and completeness of data within their environments and any systems impacted by their pipelines.
- Notify Astronomer promptly of any security or operational incidents they become aware of.
- Implement network-level controls, such as IP allowlisting or private connectivity, when handling sensitive data.
For a full overview of Astronomer's shared responsibility model, visit the Trust Center.
For additional information, consult our product documentation. Please contact us at security@astronomer.io with any questions or concerns.