Data Security Framework
At RunWhen, we prioritize customer data security and have implemented a number of industry best practices in this regard. We believe strongly in secure-by-design, which you will see throughout.
Data Types
Four Types Of Data - We separate the data that is both generated and consumed by RunWhen in to four categories:
Data Type | Highlights |
|---|---|
Source Code From Community Tasks | This open source material is sent to LLMs, and is the primary input for our AI algorithms. Mentioned here for intuition/completeness. |
Enterprise Configuration Data | Enterprise Configuration Data is reviewed before upload to ensure it does not have any compliance/regulatory sensitive data, and stored in RunWhen datastores (tenant-specific git repository, database, tenant-specific Kubernetes namespace) . |
Enterprise Task Output Data | This material is considered highly sensitive, and is handled with specific end-to-end encryption directly to encrypted GCP buckets as tenant-specific files. |
Enterprise Task and SLI Metadata | This material is considered confidential but not highly sensitive. It is encrypted in transit, but stored and processed in the RunWhen platform using traditional databases. Some “opt-in” features currently in private preview send this data to either single-tenant or multi-tenant (RunWhen hosted) LLMs. Note these features require explicit configuration by both the user admin and the RunWhen team to avoid accidental use. |
Examples of each of these data types, and notes with respect to their handling, can be found below. A few highlight notes
Source Code From Community Tasks
Source code from open source community tasks is not considered to be enterprise sensitive. We note it here for completeness as this is the input to LLMs that are used in RunWhen's AI algorithms.
The RunWhen Web UI shows clearly which data is sent to LLMs (source code from open source tasks) and data is not (enterprise configuration data).
For context, RunWhen’s Digital Assistant algorithms are not based on LLMs. Instead, they are based primarily on massive scale knowledge graphs. LLMs are used in the construction of these knowledge graphs, but the only data sent back and forth during these steps is the community Task automation source code. Enterprise-specific configuration data is merged later in the pipeline, in workspace-specific versions of the graph that are entirely private. At runtime, the Assistant algorithms also take into account Task and SLI Metadata (see below).
Enterprise Configuration Data
The scope of enterprise configuration data is considered to be the *.yaml files that are stored in the private git repository corresponding to your workspace.
During the process of generating RunWhen configuration files (RunWhen Local Workspace Builder), all metadata used by the RunWhen Platform is available in the Workspace Builder UI for review before any data is uploaded to RunWhen. The configuration data that RunWhen consumes are fields from Kubernetes resource manifests or configuration values from Cloud Assets. It is very rare that these fields contain compliance or security-sensitive data.
Note that most products that do security scanning or cost optimization on cloud accounts and/or Kubernetes accounts are also built around processing this data. It is typically considered to be confidential, sensitive data but it is low-risk with respect to compliance/regulatory requirements in msot organizations. (The data is references to resources such as Kubernetes Namespaces, Deployments or tags used on Cloud VMs.)
Enterprise Task Output
When executing Tasks, the output is sent directly from the Local Runner to encrypted GCP buckets w with a write-only signed URL upload method. This approach ensures end-to-end encryption, encryption at rest and a high degree of tenant separation by removing any shared database access.
This data may briefly transit the RunWhen Platform when it is rendered in the user interface if a user access it. However, the data is never stored in the platform itself.
The content is available for audit at any time via REST APIs (Workspace authentication required) or an inquiry for a large scale export from the RunWhen DevOps team.
The user interface specifically notes all Task Output in shaded background with line numbers (see below).
An alternative to this approach, a feature called "bring-your-own-storage" is on the RunWhen roadmap.
Enterprise Task Metadata Is Stored and Process On The Platform
When executing Tasks, the output is sent directly from the Local Runner to encrypted GCP buckets w with a write-only signed URL
Enterprise Task and SLI Metadata Is Stored and Processed On The Platform - When executing Tasks, metadata about the Task is stored on the platform and consumed by Digital Assistants as part of their processing. (As noted above, this data is sent to LLMs only if both user admins and RunWhen team leads “opt in” to these features to prevent accidental use.)
This metadata includes:
Task start time, end time
Task completion / exit codes (success, failure and variants)
SLI Metrics generated during task execution
Issues generated during task execution (see right), including:
Title
Description
Severity
Author Recommended Next Steps
A dump of the database tables for these is available on request.
