Introducing more granular data access control and compliance-readiness in Redpanda Cloud

By Doug Flora and Praseed Balakrishnan on September 26, 2023
What’s new in Redpanda Cloud: customer-managed VPC, SOC2

Last year we launched Redpanda Cloud, our easy-to-use, powerful, and cost-efficient streaming data service. Redpanda Cloud delivers upgrades and patching with zero downtime, data and partition balancing, and 24/7 support with a 99.9% uptime SLA. Since the launch, our Cloud engineers have been hard at work fine-tuning the service’s performance, security, reliability, and developer experience.

We also introduced several paradigmatic updates, like Redpanda Bring Your Own Cloud (BYOC) clusters. Redpanda BYOC has helped set the tone for the future of cloud, by blending the operational benefits of a fully managed service with the data sovereignty and cost-efficiency benefits of self-managed deployments.

Today, we’re announcing even more granular data access control and compliance-readiness for Redpanda Cloud, with updates including:

  • New customer-managed VPC deployments for Redpanda BYOC, allowing deployment of managed Redpanda clusters in existing VPCs. This gives the customer more control over network configuration to help meet their specific security and governance needs. Available today for GCP, with AWS availability to follow.

  • SOC2 Type 2 Attestation added to our compliance posture.

Let’s take a closer look at these improvements and what they mean for Redpanda Cloud customers.

Customer-managed VPC

One of our chief focuses with Redpanda Cloud has been to deliver a fully managed service that still enables customers to achieve their compliance, data sovereignty, and data privacy goals.

This was the thinking behind our BYOC deployment model. By cleanly separating the data plane from the control plane, BYOC ensures that the user’s data and underlying security credentials are stored on the user’s cloud infrastructure, rather than on Redpanda’s. Since its release, BYOC has become an increasingly popular deployment option among Redpanda customers.

To date, Redpanda BYOC has been deployed using the Redpanda Cloud agent to create a new VPC within the customer’s account. This happens via a secure 2-step process using Redpanda’s CLI tool, rpk:

  1. The customer bootstraps a virtual machine (VM) in their own VPC. This VM spins up the Redpanda Cloud agent and the required infrastructure.

  2. The agent communicates with the Redpanda Cloud control plane to pull the Redpanda cluster specifications.

A standard Redpanda BYOC deployment

The standard BYOC deployment is designed primarily for a “hub and spoke” cloud governance model, where organizations often dedicate an account for Redpanda with wider permissions, and use network interconnectivity options to connect applications to their Redpanda cluster VPC.

However, some organizations use a “shared VPC” model where all their resources share the same VPC for better connectivity. These organizations often have restrictions on the creation of network resources, service accounts, and/or IAM configurations in their shared VPC.

We wanted BYOC to be flexible to meet specific requirements like these, so we created the customer-managed VPC deployment. Customer-managed VPC allows customers to deploy fully managed streaming data clusters inside their existing VPC environments. In this model, the customer specifies an existing VPC and service account when creating Redpanda. The Redpanda Cloud agent doesn’t create any new resources or alter any settings in their account.

A customer-managed VPC deployment

Customer-managed VPC deployments are an elegant option for organizations whose security policies prevent service providers from creating VPCs in their organization’s cloud accounts. This deployment option also requires lower access management privileges, meaning customers can maintain more control over their own VPC account. These limited privileges help organizations to comply with cloud security and governance policies.

Customer-managed VPC is available on GCP today, with AWS availability coming soon.


SOC2 Type 2 compliance

Redpanda Cloud has expanded its compliance posture to add SOC2 Type 2 Attestation, which evaluates the effectiveness of controls over time. Hooray!

SOC2 is an audit report based on an independent audit conducted by a certified public accounting (CPA) firm. SOC2 compliance demonstrates not only that a software company takes data security and privacy seriously, but also that it has the necessary controls in place to protect its customers’ data.

Get compliance-ready with Redpanda Cloud

Redpanda firmly believes developers should control the data they produce — but this isn’t always a given in the cloud-first era. These upgrades mark yet another milestone in our mission to ensure our customers can once again control their data — whether that’s in their own cloud or ours — and can meet their data sovereignty, privacy, and compliance obligations (without the heavy lifting).

Welcome to the next step in the future of cloud.

To get started, sign up for a free trial of Redpanda Cloud or grab the free Community Edition from our Redpanda GitHub repo. If you have questions about the latest updates or just want to chat with our team, join our Redpanda Community on Slack.
