Is Sympatic safe for my organization to use?

Sympatic is a secure system that allows you to provision safe environments for collaboration, ensuring data access without making copies. This streamlines the process for data scientists, who traditionally had to wait for the dev ops team to create single-use environments that may not have been fully vetted for safety.

‍

Where does the data usage occur?

Data usage occurs where the data is stored. A read-only path exists between the VirtualVaults and the data's location.

‍

Who has a copy of the data?

No one. The system virtualizes the data into the VirtualVault without creating any copies.

‍

Can my data be downloaded out of the VirtualVault?

No, the ability to download from the VirtualVault has been disabled.

‍

Does Sympatic have access to my data?

No.  Sympatic is designed to avoid creating new attack vectors for your data. As a result, Sympatic does not have the ability to enter a VirtualVault that you create, nor do they possess any extra keys or monitoring systems that would grant access to your data.

‍

Can I audit what is being done with my data?

Yes. As a data owner, you can view when the VirtualVault was created and when it was last accessed. While the VirtualVault is active, there is no way for the data owner to enter and observe its usage. However, once the analysis is complete, you will receive logs detailing what was done with your data.

‍

What can I audit and review as a data owner?

Yes. As the data owner, you can review the Output, Container Logs, Squid Logs (outbound traffic from the VirtualVault), and Nginx Logs (inbound traffic to the VirtualVault) upon the data user's completion of their task. You can also review the output and logs before deciding to share the results with the data user.

‍

Does Sympatic have access to my Cloud Credentials or S3 bucket credentials?

You provide Sympatic’s software with limited cloud credentials that allows you to instruct Sympatic software to create, manage and destroy VirtualVaults that reside in your cloud. 

‍

‍These keys are encrypted and stored on an encrypted volume on a machine that is not accessible via the internet. Sympatic does not have access to your data credentials (S3 bucket, database, etc). You provide these credentials directly to your VirtualVault so that it can connect to your dataset. These credentials never go through Sympatic’s servers and are never stored in our system.

‍

Can I allow access to sample data only and still have a result produced from the larger data set?

Yes! You can grant access to sample data for the data user to develop their algorithm. Once developed, a second, double-blind run can be initiated. During this run, neither the data user nor data owner can interact with the VirtualVault. The algorithm is deployed headlessly over the full data set without human intervention or visualization. After the run, the data owner can review the output through the typical review process before deciding to share the result.

‍

What ports are open when I am using Sympatic

The VirtualVaults are isolated compute environments. They are not created in any pre-existing VPCs. Sympatic creates a whole new VPCs with its own security rules. All the inbound connections are blocked with the exception of port 443 (HTTPS) for access to the VirtualVault’s web interface allowing users to interact with the VaultApp and port 8080 to allow connection to the container’s web interface.