Spawn is a hosted service currently running entirely within AWS infrastructure. At the moment, we operate Spawn from the London data center. Please contact us via email or ask us directly in our Slack workspace if you'd like us to operate Spawn in multiple regions.
All Spawn resources (data images and data containers) are stored in the Spawn cloud, which is a multitenant service. Here’s what we do to protect your data:
- All user data and running instances are isolated from each other through industry-standard approaches:
  - Process and filesystem containerisation of running workloads
  - Network isolation between running workloads
- Connections to the Spawn API use OpenID Connect authentication and JSON Web Tokens to ensure users only see their own data images and containers
- Therefore, users may only see and connect to their own data images and data containers
- Access to data or workloads that are not associated with your user is prohibited through the isolation measures described above
- Data containers only accept connections on a randomly-allocated TCP port (though you should not rely on this alone for security)
- Connections to running data containers must use TLS; unencrypted connections are not permitted, which ensures secure transmission of data between users and their Spawn data containers
- Data containers created from data images are always configured with unique, cryptographically generated random passwords, but you should ensure any additional SQL user accounts you create have strong passwords
If you have any questions, please contact us via email or ask us directly in our Slack workspace.