Skip to main content

Security Shared Responsibility Model

Security is a team effort and we are more successful together. This document is intended to provide information about where we rely on our cloud service providers (“CSP”) to provide security controls, where we manage security, and what you can do to improve security of your services with us. Read on to see how we are with you for every step in your journey.

Cloud Service Provider Responsibilities

We rely on CSPs, including Amazon Web Services (“AWS”), Google Cloud Platform (“GCP”) and Microsoft Azure, to provide, configure and review physical security and environmental controls of our hosted environments. They also provide security of compute, storage, and network resources we leverage to provide our service.

ClickHouse Responsibilities

In addition to security layers provided by CSPs, we securely configure and monitor operating systems, network resources and firewalls that support our services. We also manage infrastructure and application identity and access management of our internal users, and configure our systems to provide encryption in transit and at rest.

Dedicated Security Team

We have a dedicated team of security experts that configure security settings, review alerts and respond to security incidents. Our team uses industry leading tools to monitor for vulnerabilities, misconfigurations and threats. We also have incident response playbooks and practice them. Want to help us out? Tell us about any vulnerabilities you may find by following the responsible disclosure steps in our Security Policy page.

Development Security

Security is part of everyday operations. Our engineering teams utilize static code and software composition analysis scans to identify vulnerabilities in our code or third party libraries and they run automated “fuzzing” to identify unexpected issues.

Third Party Assessments & Compliance

We utilize independent experts to perform penetration testing, internal and external audits of our services. Need to demonstrate compliance for your cloud workloads? We can help you with that! We maintain SOC 2 Type II and ISO 27001 compliance. Visit our Trust Center at to request copies of these reports.

Customer Responsibilities

ClickHouse Cloud was built with security in mind. We provide a number of features to enable you to meet your security objectives. Always check with your security and compliance teams to determine the best combination of settings for you.

Cloud Console

Our cloud console allows you to manage users and some security settings of your services.

Identity & Access Management

Security Logging

  • Console activities are logged and the audit log is available for review

Geographic Control

Network Control

Transparent Database Encryption


ClickHouse Services

ClickHouse Services (databases) provide additional levels of control.

Identity & Access Management

Security Logging

  • Session and query logs are recorded within each database and are available for review

Data Retention

Field Level Encryption