Data Security and Durability

The HERE Open Location Platform protects your data through security and durability practices.

Security

The HERE Open Location Platform utilizes industry-standard data security best practices to protect your data:

  • Data stored at rest in versioned layers, stream layers and index layers is encrypted using AES-256, a strong, proven block cipher. This includes stream data that has been persisted according to the layer's Time to Live (TTL) setting. Data stored in volatile layers is not encrypted at rest.
  • Data in transit between OLP and your applications is encrypted using the TLS 1.2 protocol with the AES-256-GCM cipher suite.
  • Within OLP, data in transit between internal components is also encrypted using TLS 1.2. Additional or different protection mechanisms are employed where needed.
  • HERE secures the OLP website and API endpoints with trusted certificates issued by a well-known Certificate Authority (CA) and signed with a SHA-256-based signature algorithm.

If you intend to cache private or sensitive data on an edge device, be aware that the device may cache the data without any protection. The data owner should therefore encrypt sensitive data before uploading it to OLP. When the encrypted data is later downloaded to an edge device, it is cached in encrypted form; the application on the device decrypts the data in order to consume it, while the cached copy remains protected.
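The following is an added example of the client-side encryption step described above; it is not code from HERE or from the OLP SDKs. It uses AES-256-GCM from the Go standard library, binds each encrypted blob to its partition ID as associated data so that a blob copied between cache entries fails to decrypt, and shows the decrypt step an edge application would run. The function names, the partition ID and the payload are assumptions constructed for the example; in practice the data key would come from the data owner's own key management.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newDataKey returns a fresh 256-bit key. Constructed for the example: a real
// deployment would fetch the key from the owner's key management system and
// provision it to the edge application out of band.
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptPartition seals plaintext with AES-256-GCM before upload to OLP.
// Output layout: nonce || ciphertext || GCM tag. The partition ID is bound as
// associated data, so decryption under a different partition ID fails.
// A random 96-bit nonce is safe for far fewer than 2^32 blobs per key; rotate
// the key well before that bound.
func encryptPartition(key []byte, partitionID string, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice passed as dst.
	return gcm.Seal(nonce, nonce, plaintext, []byte(partitionID)), nil
}

// decryptPartition is what the edge application runs on a cached blob.
// Any modification of the cached bytes, or use of the wrong partition ID,
// is rejected by the GCM tag check.
func decryptPartition(key []byte, partitionID string, blob []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(partitionID))
}

func main() {
	key, err := newDataKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a hypothetical partition ID and payload, not OLP data.
	const partitionID = "23618402"
	payload := []byte("sensitive tile attributes")

	// Owner side: encrypt before upload; only blob leaves the owner's system.
	blob, err := encryptPartition(key, partitionID, payload)
	if err != nil {
		panic(err)
	}
	// Edge side: blob is what the device caches; decrypt only for consumption.
	plain, err := decryptPartition(key, partitionID, blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("cached %d bytes of ciphertext, recovered %q\n", len(blob), plain)
}
```

The cached copy is only as protected as the key that the edge application holds; how that key is provisioned and stored on the device (for instance in a hardware-backed keystore) is outside what this page covers and is the data owner's responsibility. The same pre-upload encryption applies to sensitive data placed in a volatile layer, which the Security section states is not encrypted at rest.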

Durability

Your data is protected from loss due to corruption or system failure. The degree of durability depends on the layer type.

Versioned Layers

Versioned layers are designed to provide 99.999999998% durability of data (both blob data and metadata) over a given year. This durability level corresponds to an average annual expected loss of 0.000000002% of data partitions. For example, if you store 10,000,000 partitions in OLP, you can expect to lose, on average, two partitions every 10,000 years. OLP data is located in a single region (EU-West) by default, and versioned data is stored redundantly on multiple devices across a minimum of three independent network and power domains within that region.

Index Layers

Index layers are designed to provide 99.999999998% durability of data over a given year. This durability level corresponds to an average annual expected loss of 0.000000002% of data partitions. For example, if you store 10,000,000 partitions in OLP, you can expect to lose, on average, two partitions every 10,000 years. OLP data is located in a single region (EU-West) by default, and index data is stored redundantly on multiple devices across a minimum of three independent network and power domains within that region.

Volatile Layers

Volatile data is transient. Existing data is overwritten every time new data is written to a partition. Data redundancy depends on the layer configuration option selected:

  • For multi-instance configured layers, data and metadata are stored redundantly on multiple devices across a minimum of three independent network and power domains within a single region. Failure of one device is recovered from by another.
  • For single-instance configured layers, data and metadata are stored only once, on a single device within a single region. Failure of this device may result in irrecoverable loss of data.

For more information on volatile layer data redundancy, see Data Redundancy.

Stream Layers

Stream data is replicated across multiple devices and across three independent network and power domains within a single region (EU-West). Failure of one device is recovered from by another. Additionally, stream data is always written to an underlying filesystem. You can set how long this data is retained in the filesystem by using the TTL (Time To Live) setting. A best practice is to configure the stream data TTL long enough that data is not dropped during a consumer group interruption (for example, a pipeline restart) and while corrective actions are taken.

In addition to these data redundancy measures inside OLP, the recommended best practice is to maintain regularly tested backups. Backups in the form of one or more duplicate catalogs can be assigned a narrower set of permissions than the source catalog, further limiting who is able to delete them.
