Neo4j Cloud Security

Run Your Graph-Based Applications Securely in the Cloud

We take security seriously. Our experienced team of security practitioners work across disciplines, such as security engineering, security assurance, risk, and compliance to ensure you experience world-class security features and your data is protected against all threats – today and in future.

Neo4j Aura is a fully managed graph data platform in the cloud offered by Neo4j that includes Neo4j AuraDB, graph database as a service
and Neo4j AuraDS, graph data science as a service.

Information Security Program

Neo4j maintains an information security program with a comprehensive set of organizational and technical measures based on industry-accepted security and compliance frameworks that ensures the safety of customer data stored in Neo4j Aura.

Certification and Compliance

As an ISO 27001 certified organization, Neo4j is committed to security and compliance with industry and internationally accepted frameworks. Neo4j is currently in the process of SOC-2 Type 1 compliance.

Data Privacy

Neo4j takes the privacy of users personal data seriously and complies with data protection laws and regulations, such as the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) throughout our services.

Our privacy policy is at https://neo4j.com/privacy-policy/ and our Data Protection Officer (DPO) can be reached at dponeo4j@neo4j.com.

Shared Responsibility

Cloud security requires all parties to participate in the security process. Neo4j leverages reputable third-party cloud service providers to provide trusted commodity infrastructure and services. From there, Neo4j develops and implements the Aura service on this trusted infrastructure using secure practices for development and deployment. The customer is then responsible for the security of accounts, data, and access management of their Aura instance.

Trusted Infrastructure

Neo4j AuraDB runs on Google Cloud Platform (GCP) and Amazon Web Services (AWS) and Neo4j AuraDS runs on Google Cloud Platform (GCP). GCP and AWS’ global-scale infrastructure and defense-in-depth security model of physical, logical, and technical controls provide a trusted platform for Neo4j AuraDB and your critical data. GCP and AWS further maintain a variety of certifications including SOC-2 and ISO2 27001 to name a few.

For a comprehensive list of all GCP’s compliance offerings, please go to: https://cloud.google.com/security/compliance

For a comprehensive list of all AWS’ compliance offerings, please go to: https://aws.amazon.com/compliance/programs/

VPC Isolation1

Your Neo4j AuraDB database instances and service components are deployed in a separate Virtual Private Cloud (VPC) with dedicated cloud infrastructure.

Encryption Everywhere

Your data is encrypted in flight and at rest. All network traffic, even within the service infrastructure, is encrypted using the latest Transport Layer Security (TLS) and associated cipher suites.

Data stored in the Aura service, including backup snapshots, is encrypted at rest using the Advanced Encryption Standard (AES) and key management that is provided by GCP or AWS as appropriate.

Role- and Schema-Based Granular Access Control1

Neo4j AuraDB supports multiple users and granular access controls with a role-based access control framework.

Additionally, within the graph itself, Neo4j enforces a schema-based security model that allows data managers to fine-tune least privileged access for users to specific parts of the graph to prevent data spills and other unauthorized access.

Vulnerability Management

Neo4j supports responsible disclosure when it comes to security vulnerabilities and encourages Neo4j users and independent security researchers to contact us privately to report on security vulnerabilities and issues related to our products and hosted services.

To get in contact with our security team or to report an issue, please go to: https://neo4j.com/security/

Vendor Management

Neo4j has implemented a vendor management program where our security team regularly reviews the security and compliance posture of our vendors and processors for the protection of customer data and or personal information.

Manageability and Traceability

Neo4j captures and analyzes the audit and security logs from all components of its Aura service. These logs are monitored in real time for security vulnerabilities on an ongoing basis and are archived for later review and analysis as needed.

Resilient and Reliable

AuraDB is built on a self-monitoring and self-healing architecture. With its fault-tolerant design, AuraDB guarantees high service availability guarantees high service availability guarantee of 99.95%,1 and automatically and instantly heals from component or infrastructure failures. Additionally, Neo4j AuraDB leverages a multi-availability zone (AZ) infrastructure,1 automated encrypted backups, zero-downtime system upgrades, and durable storage with multi-level data protection to ensure that your information is protected and available when you need it.

To check the current status of the Neo4j AuraDB Service, please go to: https://neo4jaura.statuspage.io/

Whitepaper

Learn more about Neo4j Aura's security controls and features including data security, access controls and Neo4j’s security policies and practices.

Get the White paper: https://neo4j.com/whitepapers/neo4j-aura-security/

1Applies to AuraDB Enterprise Tier of Service