Data security concerns

Hi.
The popularity of KNIME is slowly spreading in the organization where I work. But a few days ago I was asked by one of the managers about data security. The question was stated in a form like ‘Because KNIME is open source software, what proof do we have that the data we process will not be intercepted by others?’.
I did a little Google research, but I didn’t find much information.
I have found a decision matrix from the U.S. Department of Veterans Affairs (https://www.oit.va.gov/services/trm/ToolPage.aspx?tid=11273&tab=2#) and the source code on GitHub.
I also read https://www.knime.com/knime-open-source-story :smile:

Is KNIME audited with regard to data security?
Are there any security tests?

Thanks.

1 Like

Actually, because KNIME is open source one can easily inspect the code and make sure no data is intercepted. You can never do that with proprietary software.

We guarantee that the code that we maintain does not send around processed data - the only (usage!) data that we collect is (a) clearly communicated and (b) only used to provide node recommendations. You can easily disable that option and you can actually look at the code that does the sending back so everybody can validate our claims.

Michael

8 Likes

I got a quite similar question about KNIME sending data to outside sources and I am glad about this statement.

I came up with a list of occasions where KNIME would communicate with outside sources and my point was that they are all easily manageable:

  • KNIME feedback of usage (that one can turn off)
    https://www.knime.com/faq#usage_data
  • the public example server (if you log in)
  • node updates thru the various update sites (http://update.knime…)
  • connections to any database you might deliberately contact (Big Data cluster etc.)

Can anybody think of other items? And is there something like a list of what to check if your internal security and privacy teams want to make sure that everything is safe? It would be great if KNIME could expand the FAQ or write an article about that.

2 Likes

I can add that the Vernalis Nodes do not send anything back to Vernalis (again, as @berthold commented, you can check the source code if you are so inclined), but as @mlauber71 has also raised, various of the nodes do send some sort of query to webservices. Wherever available, they use https in preference to http, but obviously it is up to the remote server what they do with whatever request is sent.

Steve

1 Like
