Configure enhanced security and compliance settings

Preview

The automatic cluster update feature and the ability to enable enhanced security and compliance features from the account console are in Public Preview.

The compliance security profile (with compliance standards) and enhanced security monitoring are generally available.

Enhanced Security and Compliance is a platform add-on that provides enhanced security and controls for your compliance needs. See the pricing page. This article describes how to configure enhanced security and compliance settings on your Databricks workspace or account. Your Databricks workspace must be on the Enterprise pricing tier.

Enable enhanced security and compliance features on an existing workspace

Account admins can enable the compliance security profile, add compliance standards, enable enhanced security monitoring, and enable automatic cluster update on a workspace.

  1. As an account admin, go to the account console.

  2. Click Workspaces.

  3. Click on your workspace’s name.

  4. Click Security and compliance.

  5. To enable the compliance security profile, next to Compliance security profile, click Enable.

    In the Compliance security profile dialog, optionally select compliance standards and click Save.

    Important

    • If you enable the compliance security profile or add compliance standards to a workspace, the effect is intended to be permanent for that workspace.

    • Neither the compliance security profile nor individual compliance standards can be removed from a workspace if regulated data was previously processed in that workspace. You can delete the workspace and create a new workspace without the compliance security profile or with a different compliance standard. If you need additional help, contact Databricks support.

    • Before you process PHI data, it is your responsibility to ensure that you have a BAA agreement with Databricks.

  6. To enable enhanced security monitoring, select the checkbox Enhanced security monitoring.

    If you enable the compliance security profile, enhanced security monitoring is automatically enabled.

  7. To enable automatic cluster update, select or unselect the checkbox Automatic cluster update.

    If you enable the compliance security profile, automatic cluster update is automatically enabled.

Set account-level defaults for all new workspaces

Account admins can configure settings for security profile (with compliance standards) or enhanced security monitoring at an account level to apply to all new workspaces. When you enable the compliance security profile as a default for new workspaces, enhanced security monitoring and automatic cluster update are also enabled for new workspaces.

  1. As an account admin, go to the account console.

  2. In the sidebar, click Settings.

  3. Click the Security and compliance tab.

  4. In the sidebar, click Enhanced Security and Compliance Settings.

  5. To enable the compliance security profile, next to Compliance security profile, click Configure.

    In the Compliance security profile for new workspaces dialog, select Enabled, select one or compliance standards or select None and click Save.

    Important

    Before you process PHI data, it is your responsibility to ensure that you have a BAA agreement with Databricks.

  6. To enable enhanced security monitoring, select the checkbox Enhanced security monitoring for new workspaces.

Create a new workspace with enhanced security and compliance features

Account admins can enable the compliance security profile, add compliance standards, and enable enhanced security monitoring during workspace creation. New workspaces must adhere to configured account-level defaults.

  1. Follow the instructions to create a workspace in Create a workspace with custom AWS configurations. Ensure you choose a region that supports your compliance standard.

  2. Click Advanced configurations.

  3. To enable the compliance security profile, select the checkbox Compliance security profile.

  4. To enable enhanced security monitoring, select the checkbox Enhanced security monitoring.

  5. In Compliance standard, select one or more compliance standards or select None.

  6. Click Next and Create workspace.