Security has been in mind at Prefect since day one.

From our Cloud infrastructure to the systems and practices in place to protect your data and operations, security has been prioritized from the start. To learn more about these practices, please contact sales@prefect.io for our security white paper.

01

The Hybrid Model

Prefect’s hybrid model allows us to coordinate our users' dataflows in the comfort of their own environment, relying only on proprietary meta data to complete our job successfully. Data is transferred over an authenticated api, hosted by Prefect Cloud.

Prefect’s hybrid model allows us to coordinate our users' dataflows in the comfort of their own environment, relying only on proprietary meta data to complete our job successfully.
02

Customer Data + Environment

Prefect uses proprietary meta data to coordinate its workflows and collects logs specific to the execution. Prefect requires a minimum amount of customer data (name and email address) for user login and admin management. This data is retained for as long as necessary to fulfill the purposes for which it is collected.

Prefect may retain certain additional subsets of data at customer’s instruction

Secrets

Prefect provides the ability to store secrets in our Cloud that can be recalled in the workflow steps, using its Prefect native task library. Secrets are stored in a Google Cloud Project separate from our core processing platform with enhanced access limitations.

Logs

At the customer's instruction, customer data can be included in the workflow logging.

Blocks (Cloud 2.0 only)

Blocks provide the storage of configuration and interfaces to external systems. Each block document is encrypted by keys unique to each workspace.

03

Prefect Agents

Prefect agents are deployed in the customer environment, which poll for scheduled workflow jobs. Prefect does not require ingress access to the customer environment as the connection is opened outbound via the Prefect agent. We do not currently guarantee our endpoint's IP addresses.

04

Prefect Infrastructure

Storage + Encryption

All storage systems are encrypted with industry best practice algorithms. Data is encrypted at all times in transit and at rest with a minimum of TLS 1.2 enforced on all of our endpoints.

Server + Data Residency

Prefect does not maintain any physical data centers or servers. Our infrastructure is hosted in Google Cloud Platform (GCP). Prefect has a Data Processing Agreement with GCP and more details can be found here.

Prefect runs on GCP in the following regions.

Country

Region

Purpose

US

us-east1

Primary

US

us-central1

Backup and DR

Prefect is responsible for ensuring our infrastructure is up-to-date, with the most current security patches. Prefect continuously monitors for known vulnerabilities.

Prefect engages with a third party to conduct annual penetration tests and internally conducts annual disaster recovery simulations.

05

Authentication

Enterprise customers can set up a SAML 2.0 connection. All other customers can use Google/Github oauth or username and password. Prefect has further protections within a tenant where only members of your organization can log into your tenant based on domain.

06

Company Policies

Access to Systems

Prefect grants least privilege access to all systems and conducts (i) quarterly audits on critical systems and (ii) bi-annual audits on non critical systems. Access to Prefect systems is governed by an access request system and any changes to our system follow a change control process.

Where possible, access to Prefect systems is enforced with SSO. In all cases, platform and data systems have minimum password policies and enforce the use of multi factor authentication.

Prefect Employee Laptop Encryption

All Prefect employee laptops are encrypted and enforced using MDM.

Prefect undergoes a SOC 2 Type II compliance audit annually. The most recent report from the 2021 audit can be made available upon request.

Prefect undergoes a SOC 2 Type II compliance audit annually. Contact sales for more information on our report from the 2021 audit.

Questions? Caught a bug?

If you have any questions or concerns or want to report a bug or issue, please contact us.