Security

TellusR Security Overview

TellusR is committed to maintaining the highest standards of security, ensuring that organizations can deploy and use the system with confidence.

This is an overview of the security measures and considerations implemented in TellusR.

Deployment Architecture

  • Docker Containerization: TellusR is deployed using Docker containers, allowing for isolated and consistent environments. Each component of TellusR, such as the search engine and the NLP-service, runs in separate containers, minimizing cross-service dependencies and reducing attack surfaces.

  • Network Segmentation: The Docker containers are networked together within a private, secure network. Public endpoints are only exposed to the local host on port 8900 and are protected with password authentication to control access.

  • Secure External Access: For external access, it is recommended to secure the server with a firewall and set up a proxy that forwards the TellusR interface to end users via HTTPS. This setup ensures that all communication between end users and the TellusR interface is encrypted and protected from unauthorized access.

Data Protection and Security

TellusR can be installed on the customer's preferred cloud or on-premises server, so all data will be stored in the customer's environment. HTTPS is used to encrypt data transmitted between the TellusR interface and end users, ensuring secure communication and protection against eavesdropping and man-in-the-middle attacks. Regular updates and security patches are provided to address emerging threats and vulnerabilities. To access TellusR's chat capabilities, TellusR needs to be integrated with the LLM of choice.

Ensuring Data Privacy and Regulatory Considerations

TellusR is designed to help organizations comply with data privacy regulations such as GDPR. To ensure that only authorized individuals can access sensitive indexed data, TellusR supports robust data privacy mechanisms. We offer two key methods for managing access to this data:

  • Separate Data Storage: Data can be stored in distinct indexes, each with its own dedicated access endpoint. This approach isolates data based on access requirements, ensuring that users only interact with the data they are permitted to view. By segmenting data into separate indexes, we enhance security and control over who will access specific sets of information.
  • Role-Based Filtering: Alternatively, TellusR provides advanced filtering functionality that leverages user role information to manage data access. This method dynamically filters content based on the user’s role, ensuring that individuals only receive the data relevant to their permissions. By integrating role-based access controls directly into the data retrieval process, we maintain a high level of data privacy while providing a flexible and efficient way to manage user access. In addition to this, TellusR also comes with functionality for automatic sensitivity detection.

Authentication and Access Control

The Docker containers are networked together within a private, secure network. Public endpoints are only exposed to the local host on ports 8900 and 80 and are protected with password authentication to control access. The application hosts a dashboard on port 8900 and supports admin users and basic users. Admin users have access to admin-like operations, whereas basic users can only perform query-like operations.
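The statement here and under Deployment Architecture, that ports 8900 and 80 are reachable from the local host only, can be verified on the server. The following is an added example, not part of TellusR: it parses `ss -H -ltn` output and reports any listener on those ports that is not bound to a loopback address. The function names and the sample listing are constructed for illustration.

```python
import ipaddress
import sys

# Ports the page says are exposed to the local host only.
LOCAL_ONLY_PORTS = (8900, 80)

# Constructed sample of `ss -H -ltn` output, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      4096       127.0.0.1:8900       0.0.0.0:*
LISTEN 0      4096         0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096           [::1]:8900          [::]:*
LISTEN 0      4096               *:8900             *:*
LISTEN 0      128    127.0.0.53%lo:53         0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any '%interface' scope suffix.
    return host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcards and unknowns count as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' (dual-stack wildcard) or anything unparsable

def exposed_listeners(ss_output, ports=LOCAL_ONLY_PORTS):
    """Return (host, port) for each listener on `ports` bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        host, port = split_local(fields[3])
        if port in ports and not is_loopback(host):
            findings.append((host, port))
    return findings

if __name__ == "__main__":
    # Use piped `ss -H -ltn` output when available, else the constructed sample.
    text = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for host, port in exposed_listeners(text):
        print(f"port {port} is listening on {host}, not loopback only")
    sys.exit(1 if exposed_listeners(text) else 0)
```

A finding on `0.0.0.0`, `::` or `*` means the port is listening on every interface, so only the firewall stands between it and the network. The HTTPS proxy's own public listener (443 in the sample) is deliberately not in the checked set.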

Architecture

TellusR can integrate with either an external or internal LLM, depending on customer needs. If an external LLM is used, a typical TellusR architecture may look like this:

[Figure: Architecture]