Hi.
The popularity of KNIME is slowly spreading in the organization where I work. But a few days ago I was asked by one of the managers about data security. The question was stated in a form like ‘Because KNIME is open source software, what proof do we have that the data we process will not be intercepted by others?’.
I did a little Google research, but I didn’t find much information.
I have found a decision matrix on the U.S. Department of Veterans Affairs site (https://www.oit.va.gov/services/trm/ToolPage.aspx?tid=11273&tab=2#) and the source code on GitHub.
I also read https://www.knime.com/knime-open-source-story
Is KNIME audited in terms of data security?
Are there any security tests?
Actually, because KNIME is open source one can easily inspect the code and make sure no data is intercepted. You can never do that with proprietary software.
We guarantee that the code that we maintain does not send around processed data - the only (usage!) data that we collect is (a) clearly communicated and (b) only used to provide node recommendations. You can easily disable that option and you can actually look at the code that does the sending back so everybody can validate our claims.
connections to any database you might deliberately contact (Big Data cluster etc.)
Can anybody think of other items? And is there something like a list of what to check if your internal security and privacy would want to make sure that everything is safe? It would be great if KNIME could expand the FAQ or write an article about that.
I can add that the Vernalis Nodes do not send anything back to Vernalis (again, as @berthold commented, you can check the source code if you are so inclined), but as @mlauber71 has also raised, various of the nodes do send some sort of query to webservices. Wherever available, they use https in preference to http, but obviously it is up to the remote server what they do with whatever request is sent.