Enterprise-grade security wherever you deploy. Secure data, control access, and meet compliance standards across Materialize Cloud and Self-Managed.
Materialize's built-in security protects your data from ingestion to query, whether deployed in the cloud or on your infrastructure. Connect securely to data sources, control access with RBAC, and track key events for compliance and auditing.
Assign privileges at the user and role level to restrict access to databases, schemas, tables, and materialized views. Set default privileges for new objects to enforce consistent access policies.
The mz_audit_events system table automatically records create, alter, and drop operations for tables, views, and other objects, providing complete audit trails for compliance requirements. Track who changed what and when across your entire deployment.
Store sensitive credentials like passwords and SSL keys using SECRET objects. Contents cannot be retrieved after creation, protecting credentials from accidental exposure in connection strings and configurations.
Establish secure connections to Postgres, MySQL, and Kafka sources using SSH tunnels and bastion hosts. Keep databases off the public internet while enabling encrypted real-time change data capture.
Support for SSL encryption and SASL authentication mechanisms including PLAIN, SCRAM-SHA-256, and SCRAM-SHA-512. Store certificates and keys securely using SECRET objects to prevent credential exposure.
Cryptographically authenticate incoming webhooks using HMAC verification with shared secrets.
Materialize Cloud is fully managed and SOC 2 Type II certified, so you can meet compliance requirements without managing infrastructure. Each customer's environment is fully isolated, data is encrypted in transit and at rest, and we handle patching, monitoring, and incident response.
SOC 2 Type II certified with annual external audits validating security controls.
Tenant isolation, managed patching, and automatic security monitoring across all deployments.
SAML and OAuth 2.0 SSO, static IPs, and AWS PrivateLink for enterprise connectivity.
SOC 2 Type II compliance demonstrates controls for security, availability, and confidentiality. External auditors validate these controls annually.
Each customer deployment is logically partitioned with strict network access control policies and container sandboxing to prevent cross-tenant data access.
Materialize handles platform infrastructure security, vulnerability management, security monitoring, and incident response. Patches and upgrades are applied automatically with minimal downtime.
Manage users and service accounts through the Materialize Console. Configure authentication through Enterprise SSO integrations (SAML, OpenID Connect) for centralized access control.
All outbound traffic originates from a fixed set of IP addresses per region. Configure firewall rules and network access controls using predictable source addresses.
Restrict access to your Materialize region using IP-based network policies. Define CIDR rules to allowlist specific IP ranges for ingress traffic.
Available for enterprise customers requiring private connectivity to AWS services. Eliminate public internet exposure while maintaining high-throughput data ingestion.
For organizations with strict data residency requirements or air-gapped environments, Materialize Self-Managed gives you complete control over where your data lives and how it's secured. Deploy on your infrastructure, apply your security policies, and keep sensitive data inside your network — with all the core security features of Materialize.
Run in completely isolated environments with no external network dependencies.
Deploy in your data centers to meet data residency and compliance requirements.
Apply your organization's security policies, access controls, and audit requirements.
Learn more about Materialize security, get started on-prem or in the Cloud, or talk to us about your security requirements.