IT Teams and Security

The architecture and design of Saturn Cloud from an IT security perspective, including deployment methods for complying with different security requirements

Below are some common reasons why IT Security teams choose Saturn Cloud. We also provide an overview of our most popular security features and examples of our high-security deployments.

Isolation within your AWS account

Security is the primary motivation for teams to move from Saturn Hosted (which runs in our AWS account) to Saturn Enterprise. Saturn Enterprise is installed within your AWS account, and you can customize the VPC where Saturn Cloud is deployed. This allows the use of VPC peering and Transit Gateways to connect Saturn Cloud to other parts of your infrastructure.

Network security

For security-conscious customers, we recommend deploying Saturn Cloud within private subnets of your VPC so it is accessible only through your VPN. This ensures that external parties cannot access your Saturn Cloud installation.

In addition to limiting ingress, you can also limit egress for your data science team using transparent proxies or by disabling internet access entirely. In that case, you will need on-premise mirrors of conda, pypi, and CRAN repositories.

For additional Enterprise security topics: No‑egress deployments, Hardening guidance.

IAM security

Saturn Cloud uses IAM roles to manage your instances. We can work with you to scope access permissions to the bare minimum. You can also modify the trust relationship so we only have access during authorized updates and support requests. For customers that require it, you can cut off Saturn Cloud’s access entirely and handle installation and upgrades via Zoom, Google Meet, or Microsoft Teams.

SSO

Saturn Cloud uses Auth0 to connect to your existing identity provider (IDP). Regardless of which IDP you use, Saturn Cloud can integrate with it. If you’d like to set up SSO, please reach out to support@saturncloud.io to discuss your configuration.