Vector Database Security
Terms related to access control, encryption, and multi-tenant isolation for vector data. Target: Security Engineers, CTOs.
Access Control List (ACL)
An Access Control List (ACL) is a security mechanism that specifies which users or system processes are granted access to specific objects, such as vector database collections or indexes, and what operations are allowed on those objects.
API Key Authentication
API Key Authentication is a method of verifying the identity of a client application or user by requiring a unique cryptographic key to be included in the header of each request to a vector database's API.
Audit Logging
Audit Logging is the process of recording a chronological sequence of security-relevant events, such as data access, queries, and administrative changes, within a vector database to support forensic analysis and compliance.
Authentication
Authentication is the security process of verifying the identity of a user, service, or application before granting access to a vector database system.
Authorization
Authorization is the security process of determining what permissions and access rights an authenticated entity has within a vector database, such as the ability to read, write, or query specific data.
Bring Your Own Key (BYOK)
Bring Your Own Key (BYOK) is a cloud security model where a customer generates and manages their own encryption keys, which are then provided to a cloud service provider, such as a vector database vendor, to encrypt the customer's data.
Client-Side Encryption
Client-Side Encryption is a security practice where data is encrypted on the client's machine before it is transmitted and stored in a vector database, ensuring the service provider never handles plaintext data.
Data At Rest Encryption
Data At Rest Encryption is the cryptographic protection of vector data and indexes while they are stored on persistent media, such as SSDs or hard drives, to prevent unauthorized access from physical theft or disk-level attacks.
Data In Transit Encryption
Data In Transit Encryption is the cryptographic protection of vector data and queries as they travel over a network between a client and a database server, typically using protocols like TLS/SSL.
Data Poisoning Defense
Data Poisoning Defense refers to security measures designed to detect and mitigate adversarial attempts to corrupt the training data or embedding generation process, which could degrade the performance or reliability of a vector search system.
Denial-of-Service (DoS) Protection
Denial-of-Service (DoS) Protection encompasses the security controls, such as API rate limiting and traffic filtering, implemented by a vector database to prevent malicious or accidental overload that would deny service to legitimate users.
Encrypted Search
Encrypted Search is a set of cryptographic techniques, such as searchable symmetric encryption, that allow a vector database to perform similarity searches over encrypted data without needing to decrypt it first.
Encryption Key Management
Encryption Key Management is the comprehensive administration of cryptographic keys throughout their lifecycle, including generation, storage, distribution, rotation, and deletion, within a vector database's security infrastructure.
Fine-Grained Access Control
Fine-Grained Access Control is a security model that allows administrators to define precise permissions at the level of individual database objects, such as specific collections, vectors, or metadata fields, based on user attributes or roles.
Hardware Security Module (HSM)
A Hardware Security Module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing, often used to protect the root or master encryption keys for a vector database.
Identity and Access Management (IAM)
Identity and Access Management (IAM) is a framework of policies and technologies for ensuring that the right individuals and services have the appropriate access to vector database resources, encompassing authentication, authorization, and user lifecycle management.
Key Management Service (KMS)
A Key Management Service (KMS) is a cloud-based service that provides secure creation, storage, and control of cryptographic keys used for encrypting data within a vector database and other cloud services.
Least Privilege Access
Least Privilege Access is a core security principle mandating that users, accounts, and processes should have only the minimum levels of access—or permissions—necessary to perform their legitimate functions within a vector database.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an authentication method that requires a user to provide two or more verification factors (e.g., a password and a time-based code from an app) to gain access to a vector database management interface or API.
Network Segmentation
Network Segmentation is a security architecture that divides a network into smaller, isolated segments or subnetworks to control traffic flow and limit the potential impact of a security breach, often applied to isolate vector database clusters from other systems.
Private Endpoint
A Private Endpoint is a network interface that connects a client's virtual network directly and privately to a cloud service, such as a vector database, using a private IP address, ensuring traffic never traverses the public internet.
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is a security model where access permissions to vector database resources are assigned to roles, and users are granted access by being assigned to one or more of these roles.
Row-Level Security (RLS)
Row-Level Security (RLS) is a database security feature that uses policies to control access to individual rows in a table based on the characteristics of the user executing a query, applicable to metadata tables in a vector database.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security, including encryption and authentication, for data in transit between a client and a vector database.
Single Sign-On (SSO)
Single Sign-On (SSO) is an authentication scheme that allows a user to log in with a single set of credentials to gain access to multiple independent software systems, such as a vector database console and related management tools.
Tenant Data Isolation
Tenant Data Isolation is the architectural and security practice of ensuring that the data of one customer (tenant) in a multi-tenant vector database is logically or physically separated and inaccessible to any other tenant.
Token-Based Authentication
Token-Based Authentication is a security protocol where a client application exchanges valid credentials for a signed token (like a JWT), which is then presented with each request to a vector database API to prove authentication and authorization.
Trusted Execution Environment (TEE)
A Trusted Execution Environment (TEE) is a secure area of a main processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity, potentially used for secure query processing on encrypted vector data.
Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) is an isolated virtual network within a public cloud environment, providing logical network isolation where a vector database can be deployed, allowing control over IP addressing, subnets, routing, and security groups.
Zero Trust Architecture
Zero Trust Architecture is a security framework that assumes no implicit trust is granted to assets or user accounts based solely on their physical or network location, requiring strict identity verification for every person and device trying to access resources, such as a vector database.