Blog

Security: encryption, audit, and protection

Security is the set of controls that protect the governed data product in transit, at rest, and in use. Here’s what it is, how it’s made with explicit examples, and why it’s the final pillar of a complete governed data product.

What it is

Security is the “is this data protected?” layer of a governed data product. It covers encryption (at rest and in transit), access control (who can see what — often implemented via governance), audit logging (who accessed what and when), and optionally data residency or isolation (e.g. “EU data stays in EU”). Without security, context that’s rich and consumable can still be exposed or misused. In Loxtep, every governed data product is designed with security in mind so the context we deliver is protected end to end.

How it’s made

Security for a governed data product is implemented and documented as follows:

  • Encryption. Data at rest is encrypted (e.g. AES-256) in the stores that hold the asset (e.g. object store, database). Data in transit is protected with TLS for all API and pipeline traffic. Keys are managed via a secure key store (e.g. AWS KMS); key rotation and access to keys are logged. The asset’s metadata can state “encryption: AES-256 at rest, TLS 1.3 in transit” so consumers and auditors know the baseline.
  • Access control. Access is enforced at the consumption layer (and at pipeline layer for writes): every request is authenticated (e.g. JWT or API key) and authorized against the asset’s governance policies. Denied requests get 403 and are logged; no data is returned. So “security” and “governance” work together: governance defines who can do what, security enforces it at runtime.
  • Audit logging. Every access to the asset (and every change to the asset’s definition or pipeline) is logged: who, when, what (e.g. GET /context/orders/4821), and optionally result (success/denied). Logs are retained according to governance retention and are available for compliance and incident response. So you have a full trail of “who saw what context.”
  • Residency and isolation (optional). For regulated or multi-region deployments, the product can be tagged with residency (e.g. “EU”) so that storage and compute stay in the right region. Isolation (e.g. per-tenant encryption keys or separate stores) can be configured so one tenant’s context is never mixed with another’s.

Example security metadata for a governed data product:

{
  "security": {
    "encryption": {
      "at_rest": "AES-256",
      "in_transit": "TLS 1.3",
      "key_management": "KMS; rotation 90d"
    },
    "access_control": "Enforced at API and pipeline; see governance.access",
    "audit": {
      "access_logged": true,
      "retention": "7y",
      "fields": ["actor", "timestamp", "resource", "action", "result"]
    },
    "residency": "US (default); EU available for tagged assets"
  }
}

In Loxtep, security is applied platform-wide (encryption, TLS, KMS) and per-asset (governance + audit). When you define a governed data product, you get these controls by default; residency and isolation can be set when required.

Why it matters for governed data products and AI

Context that contains customer, order, or financial data must be protected. By making security a first-class part of the governed data product story, you ensure that the context you build and deliver is encrypted, access-controlled, and auditable. For AI, that means the model receives context through a secure, logged channel — and you can prove who had access to what. In Loxtep, every governed data product is built with security so the context we deliver is not only useful but safe.