It’s no secret that the world is getting more and more digital every day, and with that, security is becoming an increasingly important issue. To protect against anomalies, organizations look for ways to add extra layers of protection to their products and services.
Airtable is a low-code platform to build custom apps, with database functionality that helps you organize data in one place and make it accessible to multiple users. It’s great for keeping track of customer information, project management, and more. But like any cloud-based software, it may have its vulnerabilities.
In this article, we’re going to dive into what Airtable has to offer in terms of security! We’ll also be talking about some Airtable security tips that you can take to safeguard your information and data.
Is Airtable secure?
Airtable is designed from the ground up with security as a top priority. It uses a number of different security protocols, including SSL encryption for all connections to their servers, automatic permission checks for new users or tables within your account, and two-factor authentication for all accounts with access to sensitive information. If you’re concerned about the security of Airtable and what kind of security measures are being taken, then you’re in the right place. To start with, here are a few:
- All of your data is stored in the cloud, so no one can access your information without your permission.
- Access to each individual table is controlled by a single user or group of users.
- Airtable also has an audit log feature that keeps track of every change anyone makes to your database, so you can see exactly who did what at any time.
How is online security for Airtable?
Airtable conforms to an ISO 27001-compliant security management system. Every platform component is protected by multiple layers of encryption, including an SSL certificate. They also use multi-factor authentication for all users and administrators, so hackers can’t get into your account without first getting access to your phone or email. Here’s a list of Airtable security highlights:
- SSL/TLS encryption (for all communication between your browser and Airtable’s servers).
- Host-based firewalls (to prevent unauthorized access).
- Regular system updates and patches (to maintain optimal performance).
Airtable security certifications and compliance
Security and privacy standards
To protect your data from malicious hackers, Airtable has managed to implement and undergo some of the highest security and privacy standards. When you use Airtable, you can rest assured that they have an ISMS in place that meets the requirements of ISO 27001:2013, meaning they perform risk assessments, implement controls, monitor the systems for compliance, and track changes to their policies.
SOC 2 compliance is a voluntary standard for service organizations, developed by the American Institute of CPAs (AICPA). The standard states how organizations should manage customer data, and it’s based on four Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Airtable underwent a Service Organization Controls audit (SOC 2 type 2) in order to receive its certification. The recent audit report can be easily furnished by contacting the Airtable team.
Web app security
Airtable has designed automated solutions to run application-level security scans periodically. Along with this, they ensure package dependency scans are done weekly and endpoint scans every month. The code and configuration changes are rigorously evaluated during the quality assurance process to ensure the smooth running of the application across all devices and platforms.
The collaborator permissions allow users to give access to certain users at the workspace or base level. The permissions are a critical part of security as you’d be only allowing trusted users access to your data.
These permissions also authorize them to make alterations to those workspaces and bases. Additionally, to restrict access to a base, you can generate a share link that is protected by a password or restricted to an email domain. Another component of the security of Airtable is the record-level revision history, which you can review to see the changes made to each record and who made them, so you can keep track of activities. Two-factor authentication is also recommended to keep your account secure. The Enterprise plan offers further administration features, including SAML-based Single Sign-On.
In terms of organizational security, Airtable runs background checks on employees and mandates security training annually. This ensures employees are taking data privacy, information, and password security seriously.
Furthermore, general security measures such as automatic system locking, strong passwords, and full disk encryption are in place. Along with that, they do not allow any installation of unauthorized software or portable media. They also assure that separated environments are used for production and testing. Airtable has gone a step above to have a bug bounty program, which allows the security community to highlight or report any bugs/issues they find while using Airtable.
What about Airtable data security?
Airtable is committed to protecting the privacy and security of your data. To do this, Airtable uses 256-bit SSL/TLS encryption both when data is transmitted between Airtable and your browser and when data is stored on their servers. At rest, your content is protected with 256-bit AES encryption.
Airtable complies with Europe’s General Data Protection Regulation (GDPR) to ensure that they handle your data in a responsible and safe way. The goal of GDPR is to create a system that allows consumers to have more control over their own data, including what companies can do with it, who they can share it with, and how long they can keep it. It also requires companies to be transparent about what kinds of data they’re collecting and why.
FERPA compliance is key to Airtable’s mission of protecting students’ data. To that end, Airtable is SOC2 Type II and ISO27001 certified. The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student educational records. FERPA gives parents or eligible students access to their child’s education records, the right to challenge the content of those records and to limit disclosure of those records without their prior consent.
Is Airtable HIPAA compliant?
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a law that protects the privacy of medical records. HIPAA compliance means that your company’s data security practices and procedures are in place to protect patient information.
Currently, the security of Airtable is not HIPAA compliant. Although they’re associated with a few organizations across the medical industry to maintain and operate business, research, and other processes, they do not store any Personal Health Information (PHI).
Airtable security best practices to follow
Here are a few practices that may help to secure your data and avoid any Airtable security issues.
Manage user permissions
When you’re working with sensitive information, you want to make sure that only authorized users can access it. Airtable collaborators have different permissions depending on the information they need to access, and these permissions determine what they can and cannot edit in a workspace or base. If you give someone permission to edit a workspace, they’ll be able to add or edit records in that workspace. Knowing which users have which permission is important for maintaining healthy team collaboration.
To keep your data safe, you should make sure that only the people who need access to it have access. There are some base/workspace actions that are allowed for only owners/creators and there are some which can be taken by editors, commenters, and read-only users.
How to give permissions to users
To update base permissions, click on the Share button in the top right corner of any base.
Another dialog box will open. You can invite new users to collaborate on your base using the three options: Email invite, Create a link, and Share publicly. From the dropdown next to Invite by email, you can decide which permission to give to users: Creator, Editor, Commenter, or Read-only. When you assign user permissions carefully in the first place, you don’t need to amend or update them later.
To edit the existing collaborator’s permissions, click on the Manage button.
From here, you can manage permissions by selecting the permission level dropdown menu.
Another feature rolled out by Airtable is User Groups, which is only available for Enterprise plans. User groups let you create and manage multiple user accounts that all have access to the same bases and workspaces. You can do this by setting up different groups of users and giving them specific permissions for each group. For example, you might create one group for “Sales” and another for “Marketing,” and then assign permissions to each group based on what they need access to (e.g., “Sales” would have read-only access to all records in the database).
To manage user groups, click on the Share button in the top right corner of a base. If you already have a user group, you can simply click on View all groups. If you don’t have one, click on Create a group and start adding users.
From View all groups…, you can see and manage group permissions and user permissions as well.
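A periodic review of who holds which permission can be scripted once the collaborator list is written down. The following is an added example, not Airtable's or this article's own code: the CSV columns, the group ceilings and the trusted domain are assumptions made for illustration, and only the four permission levels come from the text above.

```python
import csv
import io

# Airtable's four base permission levels, lowest to highest privilege.
LEVELS = ["Read-only", "Commenter", "Editor", "Creator"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Hypothetical policy: highest level each group may hold, and trusted domains.
GROUP_CEILING = {"Sales": "Read-only", "Marketing": "Editor", "Ops": "Creator"}
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample; column names are assumptions, not an Airtable export format.
SAMPLE = """email,group,permission
alice@example.com,Ops,Creator
bob@example.com,Sales,Editor
carol@example.com,Marketing,Commenter
dave@partner.example.net,Marketing,Editor
erin@example.com,Sales,Read-only
frank@example.com,Interns,Editor
"""

def review_collaborators(csv_text, ceilings=GROUP_CEILING, trusted=TRUSTED_DOMAINS):
    """Return (email, reason) findings for collaborators that exceed the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        level = row["permission"].strip()
        group = row["group"].strip()
        if level not in RANK:
            # Malformed or unexpected level: report it rather than guess a rank.
            findings.append((email, f"unknown permission level {level!r}"))
            continue
        domain = email.rpartition("@")[2]
        # Outside collaborators should not hold anything above Read-only.
        if domain not in trusted and RANK[level] > RANK["Read-only"]:
            findings.append((email, f"external domain {domain} holds {level}"))
        ceiling = ceilings.get(group)
        if ceiling is None:
            findings.append((email, f"group {group!r} has no policy entry"))
        elif RANK[level] > RANK[ceiling]:
            findings.append((email, f"{level} exceeds {group} ceiling {ceiling}"))
    return findings

if __name__ == "__main__":
    for email, reason in review_collaborators(SAMPLE):
        print(f"{email}: {reason}")
```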
Internal security audits
Internal security audits are a must to keep your company’s data safe. When you perform an audit, you’re digging into your system and looking for ways that can be improved.
Using a feature called Audit Logs, Airtable allows you to do an internal audit of your database—you can see which users have accessed what records, which ones have created new fields or added new records, etc. This is useful because it gives you insight into how users are accessing your data and what they’re doing with it so that you can make sure everyone’s following security best practices (and if not, why not?).
The audit logs are only available for Enterprise plans. To retrieve audit logs from Airtable, all you have to do is go to the Reports page of the Admin panel and find the Audit log section. You will need to fill out the form to request a log by year, month, and day. There are more filters such as User ID, workspace ID, base ID, table ID, and IPv4 address to furnish a detailed audit log.
These audit logs may take 5-30 minutes to be ready for download for users to review. And after further analysis, if you find any issues, you can start taking action to fix them.
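Once a log has been downloaded, the analysis step can be automated. This added example (not Airtable's code) flags access from unexpected networks and schema changes by users who are not expected to make them. The column names, action names, user IDs and allowed network are assumptions modelled on the filters listed above, not Airtable's actual log schema.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed policy: networks staff are expected to connect from (documentation range).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
SCHEMA_ACTIONS = {"createField", "deleteField"}  # hypothetical action names

# Constructed sample log; columns are assumptions, not Airtable's real format.
SAMPLE_LOG = """timestamp,user_id,base_id,table_id,action,ipv4
2024-03-01T09:00:05Z,usrA,appSales,tblLeads,viewRecord,203.0.113.10
2024-03-01T09:01:10Z,usrA,appSales,tblLeads,updateRecord,203.0.113.10
2024-03-01T23:40:00Z,usrB,appHR,tblSalaries,viewRecord,198.51.100.7
2024-03-01T23:41:00Z,usrB,appHR,tblSalaries,deleteField,198.51.100.7
2024-03-02T08:15:00Z,usrC,appSales,tblLeads,createField,203.0.113.44
2024-03-02T08:20:00Z,usrA,appSales,tblLeads,viewRecord,not-an-ip
"""

def review_audit_log(csv_text, allowed=ALLOWED_NETS, schema_editors=frozenset({"usrC"})):
    """Return {user_id: sorted reasons} for rows that deserve a closer look."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user_id"]
        try:
            addr = ipaddress.ip_address(row["ipv4"])
        except ValueError:
            # A damaged or missing address is itself worth reviewing.
            findings[user].add(f"unparseable source address {row['ipv4']!r}")
        else:
            if not any(addr in net for net in allowed):
                findings[user].add(f"access from unexpected address {addr}")
        # Field creation and deletion change the base's structure for everyone.
        if row["action"] in SCHEMA_ACTIONS and user not in schema_editors:
            target = f"{row['base_id']}/{row['table_id']}"
            findings[user].add(f"schema change {row['action']} on {target}")
    return {user: sorted(reasons) for user, reasons in findings.items()}

if __name__ == "__main__":
    for user, reasons in review_audit_log(SAMPLE_LOG).items():
        for reason in reasons:
            print(f"{user}: {reason}")
```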
Airtable is a great tool for storing and organizing your data, but that doesn’t mean that it’s immune to failures or loss. If you want to be sure that your Airtable data is always safe, make sure you have an up-to-date backup plan in place.
There are three ways to back up your Airtable data. One of them is Snapshots. Snapshots let you take a quick snapshot of your bases so that they’re ready to restore when needed. These snapshots are taken automatically at a frequency that you can’t control, and they’re stored with Airtable for a period of time that depends on your plan. You can also take a manual snapshot if required. The idea behind Snapshots is that you can restore a particular base using them. Because you can’t regulate the frequency of the Snapshots, they are not an optimal data backup solution.
Another option is downloading CSV files. This option comes in handy when you have a specific requirement of using the data in a different application. Downloading CSV files has its own limitations too—this option is only available for web and desktop applications, and you will have to do the manual work of downloading CSV files each time you need one.
The most viable option is to use a data importer tool and back up your Airtable data somewhere else, such as Google Sheets, Microsoft Excel, or Google BigQuery. You can back up Airtable databases using Coupler.io. This is a data integration solution to import data to Google Sheets, Excel or BigQuery from different sources.
Coupler.io allows you to export any of your views, and then import them to any destination you choose. Other than being one of the easy-to-use importers, Coupler.io provides the ability to automate your backup by setting a schedule on a regular basis—which means you get to decide the frequency. This makes it easy to back up your data, and it’s readily available in case something goes wrong with your Airtable account.
What are the Airtable security concerns or issues?
Airtable is a great tool, but it’s not perfect. The platform has been around since 2013, and it has grown to more than 300,000 active users worldwide. However, there are some Airtable security concerns you should pay attention to:
- No self-hosting: This is a downside of using Airtable—you don’t have total control over how your data is stored or where it’s hosted. While some people feel comfortable having their data hosted on third-party servers, others prefer to host their own data in their own building or at least somewhere local with high standards for security and privacy protection.
- Permissions: Airtable also has user permissions for its database tables, which may or may not be a concern depending on how much control you want over who can access what data and what they can do with it. For example, if you’re using Airtable as a project management tool where multiple users are collaborating on different tasks and sharing information between them, then you might want to limit access so that only certain people can view certain fields or make changes to specific records. This can be done by managing user permissions.
Has Airtable had any security breaches?
Airtable has not had any known security breaches. There have been no reports of unauthorized access to Airtable’s servers, and no sensitive user data has been leaked.
Airtable is safe and secure, but it’s still necessary to follow best security practices and be aware of the security concerns surrounding the software. We hope that after reading this article, you have a better understanding of how to use Airtable securely, and the steps you should take to make the best choice for your company’s security needs.