Trusting Fauna
Matt Arthur|Nov 8th, 2021
The choice of a database layer is critical to the success of a modern web application and requires absolute confidence in not only the datastore’s security and performance, but also in open communication about system status and incidents. In today’s blog post we present the key factors that underpin our customers’ trust: authentication and authorization, confidentiality, availability and integrity, scalability, no-operations, and transparency and communication. Let’s dive into each area that sets Fauna apart:
Authentication, authorization, and access control
Fauna offers a robust first-party authentication system and integration with leading third-party security providers Okta and Auth0 to provide native authentication services through current leading token approaches. Having complete confidence in the access boundary of the database is foundational, and Fauna embeds authentication by default for both first- and third-party approaches, removing a major point of concern.
Once authenticated, Fauna offers pre-defined roles governing authorization within the database which we built based on our experience with SaaS datastores, supplemented by the ability to create custom roles governing which data an authenticated user or application service account can access or modify.
Further, Fauna has extended traditional role-based access control (RBAC) to a full-featured system known as attribute-based access control (ABAC). With ABAC, access can be granted or denied to an application or user based on any data attribute within the document, the context of the transaction or attributes of the user. This fine-grained and flexible approach to privilege control is a powerful and unique security feature that not only eases compliance with major regulatory regimes but also solves the need-to-know approach to data access.
Confidentiality
In addition to the access controls outlined above, we have also worked to obscure our users’ data throughout its lifecycle from creation through storage and en route to applications. Fauna protects data in transit and at rest by ensuring it is always encrypted, even during node-to-node transfers within the internal Fauna network.
Availability and integrity
As a distributed datastore, Fauna replicates data across multiple nodes of the data storage cluster through application of the Calvin algorithm. The clusters span multiple geographically-distributed datacenters with each node capable of serving accurate data even in the unlikely event that one or more of the other cluster nodes are unavailable. Data replication is handled automatically and Fauna’s native integrity guarantees ensure that even during an outage the API will serve accurate data to the downstream application.
Further, the temporality function serves as a time machine. With temporality configured, data can be recovered following application write errors, and it also allows for auditing of actions.
An additional advantage of distributed storage is low-latency access for the application. Fauna offers several distribution strategies within the region groups framework. In addition to a fully global cluster, applications can be served by dedicated European or North American servers for extremely low-latency data delivery.
Scalability
Unlike many modern distributed databases, Fauna scales on demand to provide unlimited capacity without changes to application code. Capacity is provided transparently without preset limits, allowing for immediate scalability in response to application traffic without the need to pre-prepare or pre-stage capacity.
No-Ops
In addition to the classic security triad of confidentiality, integrity, and availability, Fauna’s data API removes the operational burden and, with it, the potential for operational error. Fauna has no clusters, servers, or containers to manage, no patching or upgrades to prepare, test, and execute, and no shards to provision and manage. Data is replicated automatically and throughput scales thanks to the data API’s use of the HTTPS protocol.
Removing operational activities removes operator error as a security flaw. Exposing the data as an API allows frictionless interactions with the datastore: it is provisioning-free, configuration-free, and available instantly as a serverless utility that provides limitless capacity.
Transparency and communication
Fauna is committed to being open and honest with our customers to continuously build mutual trust and understanding across all levels of the organization. We pride ourselves on acting with integrity and keep all Fauna customers informed via status.fauna.com, where we maintain a comprehensive incident history and real-time reports on our operational status.
Get started with Fauna
The underlying globally distributed storage and compute engine is fast, consistent, and reliable, built on a modern security infrastructure. Fauna future-proofs your applications so you can expand globally without changing application code.
Itself a serverless offering, Fauna is easy to adopt and lets you experience freedom from database operations at any scale. Never again worry about data correctness, sharding, capacity, replication, latency, or cluster management.
To learn more about Fauna’s data API or create a new database, sign up for free and get started instantly.