Security in the Cloud
Tableau understands that data is among the most strategic and important assets an organization has. We put the highest priority on maintaining the security and privacy of our customers’ data. Tableau enterprise-level security features manage operational security, user security, application security, network security, and data security.
To learn more, see the following resources on Tableau's website (https://www.tableau.com(Link opens in a new window)):
If you sign in to Tableau Cloud using TableauID credentials, you can use them also to sign in to the Tableau website.
The Tableau Cloud infrastructure is hosted in a SAS-70 compliant data center that provides numerous controls and safeguards over customer data.
Your data is your own, even when stored in Tableau Cloud. Only your authorized users have access to data or workbooks stored in Tableau Cloud—Tableau employees and other Tableau customers do not.
Tableau does have access to and may monitor metrics that have to do with system utilization, account status, and performance.
The only people who have access to your site and content are the users that your site’s administrators have explicitly added to your site. If a user is no longer authorized in your system, simply remove that person’s user account to revoke access to Tableau Cloud and your content stored there.
Tableau Cloud enforces an idle user session timeout of 2 hours. This means that users will need to re-authenticate after not using Tableau Cloud for a period of 2 hours. The idle session timeout value is a system setting that cannot be modified.
Your Tableau Account provides secure, unified authentication to Tableau’s website and services.
Some of the security features of Tableau Accounts are:
User sign-in is secured by HTTPS.
Accounts are locked for a period of time after repeated unsuccessful sign-in attempts.
Accounts are validated by user email to prove identity.
Passwords are stored using cryptographic protection. Tableau employees and contractor do not have access to plain-text passwords.
Multi-factor authentication (MFA) can be enabled for accounts that use Tableau authentication (TableauID).
Tableau Cloud site administrators have the option of using your organization’s identity provider for added control and convenience of users. For more information, see Authentication.
Roles and Permissions
A role is a set of permissions that is applied to a project, workbook, view, or data source to manage user interaction. A wide range of specific permissions is available for each asset: view, create, edit, modify, delete, and more.
All communication between users and Tableau Cloud is encrypted using SSL for secure transmission of data. Tableau Cloud supports TLS 1.2 and higher. For more information about TLS support, see the Tableau Community(Link opens in a new window). A variety of encryption techniques ensure security from browser to server tier to repository and back. In addition, Tableau has many built-in security mechanisms to help prevent spoofing, hijacking, and SQL injection attacks, and it actively tests and responds to new threats with monthly updates.
The Tableau Cloud environment is hosted in a multi-tenant configuration providing separation of users, data, and metadata across customers.
Tableau Cloud eliminates the need to implement VPNs or tunnels into your corporate environment. Many data sources can be captured as extracts and then refreshed on a regular basis. To use automatic refreshes, you need to embed credentials in the connection information for the data source. For Google and Salesforce.com data sources, you can embed credentials in the form of OAuth 2.0 access tokens.
You can define additional security in your workbooks and data sources by adding user and data source filters. Tableau also provides a User Filter capability that can enable row-level data security using the user name, group, or full name of the current user. User filters allow you to set a filter on your data based on the identity of the person viewing the data. For example, the Western Sales Director could see results for sales in the West but not for other regions. You set user filters when you publish workbooks and data sources from Tableau Desktop.
For information on the alternatives you can use to implement row-level security in Tableau, see an Overview of Row-Level Security Options in Tableau.
Tableau Cloud is compliant with the Health Information and Portability Accountability Act (HIPAA) and can be provided in a HIPAA-compliant manner to meet the needs of health care and life sciences users. For more information, review the “Tableau Cloud and HIPAA Security Rule” white paper on the Salesforce Trust | Compliance(Link opens in a new window) site.
Tableau Cloud is hosted on Amazon Web Services (AWS) and is structured so that you can choose the region where your site, and its data, is stored. As a new customer, you can select one of the following regions during the site setup process:
If needed, you can migrate your existing site to a different region through the site migration process. Contact your Tableau Sales Account Manager to request this change. For more information, see Tableau Cloud Environment Migrations Using the Content Migration Tool(Link opens in a new window) in the Knowledge Base.
Your site is backed up in the selected region on a regular basis. You can verify your site location by signing in to Tableau Cloud, noting the host name at the beginning of the URL, and then comparing it to the Site Location column in Tableau Cloud IP addresses for data provider authorization. For example, URLs that begin with 10ax, 10ay, 10az, us-west-2b correspond to the US West - Oregon region. Data corresponding to a site in the US-West Oregon region is stored and backed up in Oregon.
- To request a new site, fill out this web form(Link opens in a new window).
- For more information about the Tableau Cloud maintenance schedule, see Tableau Cloud System Maintenance.
User Filtering(Link opens in a new window) (Tableau Help)