Modal's Security Best Practices
Last updated August 26, 2024
Modal is committed to providing a secure and reliable platform for your machine learning workflows. This article outlines security best practices to ensure the protection of your data, code, and models within the Modal environment.
General Security Principles
- Least Privilege: Grant only the necessary permissions to users and systems, adhering to the principle of least privilege. This minimizes the potential impact of compromised accounts or unauthorized access.
- Regular Security Updates: Keep your Modal platform, operating systems, and related tools up-to-date with the latest security patches to mitigate vulnerabilities and ensure a secure environment.
- Data Security and Encryption: Modal employs data encryption at rest and in transit to protect your sensitive data. Understand how Modal encrypts your data and leverage its security features to enhance protection.
- Strong Passwords: Use strong and unique passwords for your Modal account and other services used in conjunction with Modal. Implement password managers to store and manage passwords securely.
- Two-Factor Authentication (2FA): Enable 2FA for your Modal account to prevent unauthorized access, even if your password is compromised.
Securing Your Modal Projects
- Access Control: Configure granular access control policies for your Modal projects to restrict access to specific users and groups. Avoid sharing your account credentials.
- Network Security: Configure network security groups to restrict incoming and outgoing traffic to your projects, limiting potential attack vectors.
- Secure Code Practices: Implement secure coding practices to prevent vulnerabilities like cross-site scripting (XSS) or SQL injection.
- Data Backup and Recovery: Maintain regular backups of your data and models to prevent data loss in the event of a security incident or system failure.
Best Practices for Data Handling
- Data Minimization: Only store and process data that is strictly necessary for your machine learning tasks.
- Data Redaction: Redact or disguise sensitive data before storing or processing it in Modal, whenever possible.
- Data Retention: Establish clear data retention policies to delete sensitive data when it's no longer needed.
- Data Governance: Ensure that your data handling practices comply with relevant regulations and privacy laws (e.g., GDPR, CCPA) to maintain compliance.
By adhering to Modal's security best practices and implementing robust security measures, you can mitigate risks, protect your valuable data and models, and build secure and reliable machine learning solutions.
Was this article helpful?