Security Aspects of Data Quality Monitoring¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Alation Data Quality uses a large language model via Amazon Bedrock to recommend data-quality checks based on Alation Data Catalog metadata. Your data is private, secure, and encrypted, and never used for model training. All communications are secured with AWS PrivateLink and TLS 1.2 encryption.
Data Privacy¶
Alation Data Quality suggests checks for data assets based on the extracted metadata in Alation Data Catalog via Amazon Bedrock.
It doesn’t directly access your data assets for recommending checks and your data is:
Not used to improve the base models.
Not shared with third-party model providers.
Always encrypted in transit and at rest.
If your instance is configured to use AWS PrivateLink, Alation establishes private connectivity between Amazon Bedrock and your Amazon VPC, adding an extra layer of security so traffic does not traverse the public internet.
Any customer content processed by Amazon Bedrock is encrypted and stored at rest in the AWS region where you use the service.
Amazon Bedrock incorporates automated abuse detection to identify and address potential breaches of AWS’s Acceptable Use Policy (AUP), Responsible AI Policy, and any third-party model provider’s AUP.
User input and model output are processed automatically with no human oversight. To learn about the automated mechanisms for detecting abuse, refer to the Amazon Bedrock abuse detection documentation available on the AWS website.
Geographical Availability¶
This section outlines the geographical availability, including the regions where these features are supported and the routing of service requests. Alation Data Quality depends directly on AWS Timestream availability. Alation Data Quality is currently unavailable in the following AWS Regions because Amazon Timestream is not available there: Canada (Montreal), Asia Pacific (Singapore), and Asia Pacific (Mumbai).
Alation’s AI features are designed to be globally accessible, but the following considerations apply:
Compliance & Data Sovereignty: Global regions support local regulations and privacy laws.
Performance & Reliability: Reduced latency for real-time data quality monitoring.
Scalability & Resilience: Multi-region deployments support disaster recovery and geo redundancy.
Trust & Governance: By deploying Alation Data Quality in supported regions, customers benefit from end-to-end data lineage and agentic quality checks.
To broaden access, Alation employs cross-regional traffic routing to available regions. Service requests are initiated from the Alation Cloud Service VPCs to Amazon’s region-specific infrastructure, with TLS 1.2 encryption ensuring data protection via AWS’s private network. For details on regional availability, refer to Amazon Bedrock endpoints and quotas in AWS documentation.
The following table specifies the supported regions for Alation’s AI features and their corresponding target region routing:
Origin Region |
Target Region |
|---|---|
us-east-1 (US East, N. Virginia) |
us-east-1 (US East, N. Virginia) |
us-east-2 (US East, Ohio) |
|
ca-central-1 (Canada, Central) |
ca-central-1 (Canada, Central) |
us-west-2 (US West, Oregon) |
us-west-2 (US West, Oregon) |
ap-northeast-1 (Asia Pacific, Tokyo) |
ap-southeast-2 (Asia Pacific, Sydney) |
ap-southeast-2 (Asia Pacific, Sydney) |
|
eu-central-1 (Europe, Frankfurt) |
eu-central-1 (Europe, Frankfurt) |
eu-west-1 (Europe, Ireland) |
eu-west-1 (Europe, Ireland) |