AgileAssets does not allow clients to access AgileAssets hosted databases for the following reasons:
- Shared access makes the database less secure as it is no longer possible for AgileAssets to control all security procedures including how, where, and with what measures the database is accessed.
- Providing access makes each client liable for any changes made. Since clients aren't required to follow our security rules or data quality guidelines, it increases the possibility of quality and performance issues within the database.
- Oracle databases are hosted on a shared server, in separate partitions, however providing access to them incorrectly could potentially expose other client's data.
- Due to SaaS products being hosted in the cloud, granting database access introduces new security risks since ports need to be opened to facilitate database connections.
- Write access is typically denied for all Production databases because of the high impact of any changes either accidental or intentional and the risk of data loss.
- The database structure is proprietary to the product, so database access can compromise our IP.
- Shared access also adds to administrative overhead and the possibility of confusion. Passwords must be updated and that information must be communicated and any issues with the changes resolved by our team.
- Shared access is an obstacle to compliance with IS 27001, NIST, and SOC 2 Type 2 certifications.
Instead, the preferred means to access data is through our APIs which are secured with named user accounts and robust authentication policies.
