Virtual Private Cloud (VPC)
A Virtual Private Cloud is a logically isolated network environment within a cloud provider's infrastructure where organizations can deploy analytics and data systems with controlled access, network segmentation, and security configurations.
A Virtual Private Cloud (VPC) provides a private network environment within a public cloud provider such as AWS, Google Cloud, or Azure. Organizations choose the address space, create subnets, define route tables, and apply firewall rules (security groups and network ACLs on AWS) to control inbound and outbound traffic, producing an isolated environment that behaves like a private data center even though it runs on shared cloud infrastructure. Analytics and data systems deployed in a VPC are shielded from other cloud customers' systems by network isolation: traffic cannot flow between different VPCs unless a path is explicitly configured, for example through VPC peering or a transit gateway.
VPCs enable hybrid cloud deployments by connecting to on-premises networks through VPN tunnels or dedicated connections, allowing analytics systems to reach on-premises data sources without traversing the public internet. Organizations typically layer the network: public subnets for load balancers and application servers, private subnets for databases and sensitive systems, and VPC endpoints that let private subnets reach the provider's own services (object storage, key management, managed databases) over the provider's network rather than an internet gateway. This segmentation provides a network-based boundary that works alongside, not instead of, identity-based access control and encryption. A private subnet stays private only while its route table has no path to an internet gateway and its security groups admit only known sources; a single permissive route or a rule open to 0.0.0.0/0 quietly removes the boundary, so the layout should be verified rather than assumed. VPCs provide the infrastructure foundation for secure analytics environments in cloud deployments.
Key Characteristics
- Creates a logically isolated network within the cloud provider's infrastructure
- Supports subnet configuration, route tables, and granular security group rules
- Isolates traffic from other cloud customers through network segmentation
- Connects to on-premises networks via VPN or dedicated connections
- Provides VPC endpoints for private access to cloud services without an internet gateway
- Requires careful network architecture planning to balance security and functionality
Why It Matters
- Isolates analytics and data systems from other cloud customers
- Prevents unauthorized network access to sensitive systems and data
- Enables hybrid architectures connecting cloud and on-premises systems securely
- Provides infrastructure for implementing network-based access controls
- Reduces risk of lateral movement in multi-tenant cloud environments
- Meets compliance requirements for network isolation in regulated industries
Example
A healthcare organization deploys analytics infrastructure in an AWS VPC. The VPC contains a public subnet with a data ingestion API, a private subnet with the analytics compute instances, and a second private subnet holding the VPC endpoint through which those instances reach the organization's Snowflake data warehouse over the provider's private network. The on-premises network connects to the VPC through a VPN tunnel. External users reach the ingestion API through the public subnet, but the compute instances and the warehouse connection are not reachable from the internet: the private subnets have no route to an internet gateway, and traffic to the warehouse and to other cloud services passes only through the controlled VPC endpoints.
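The segmentation described in the overview and in the example above rests on three properties that are easy to state and easy to break silently: private subnets must have no route to an internet gateway, private-tier security groups must admit traffic only from inside the VPC, from the on-premises ranges, or from another security group, and no two address ranges may overlap (overlapping ranges break VPN routing). The following Python is an added example, not Coginiti's code and not an AWS API; it checks those properties offline. The dictionaries imitate the shape of `aws ec2 describe-route-tables` and `describe-security-groups` output but are constructed inline; every ID, CIDR, and the `tier` label (standing in for a subnet tag) is hypothetical.

```python
"""Offline audit of a VPC layout for the segmentation properties the text relies on.

Added example; not Coginiti's code and not an AWS API. The dictionaries imitate the
shape of describe-route-tables / describe-security-groups output but are constructed
here so the check runs offline. All IDs, CIDRs and names are hypothetical.
"""
import copy
import ipaddress

VPC_CIDR = "10.0.0.0/16"
ONPREM_CIDRS = ["192.168.0.0/16"]          # reachable over the VPN tunnel (hypothetical)

# Constructed layout mirroring the healthcare example: one public subnet for the
# ingestion API, two private subnets for compute and for the data-side endpoint.
LAYOUT = {
    "subnets": {
        "subnet-api":     {"cidr": "10.0.1.0/24",  "tier": "public",  "route_table": "rtb-public"},
        "subnet-compute": {"cidr": "10.0.10.0/24", "tier": "private", "route_table": "rtb-private"},
        "subnet-data":    {"cidr": "10.0.20.0/24", "tier": "private", "route_table": "rtb-private"},
    },
    "route_tables": {
        "rtb-public": [
            {"dest": "10.0.0.0/16", "target": "local"},
            {"dest": "0.0.0.0/0",   "target": "igw-0a1b2c"},      # internet gateway
        ],
        "rtb-private": [
            {"dest": "10.0.0.0/16",    "target": "local"},
            {"dest": "192.168.0.0/16", "target": "vgw-0d3e4f"},   # VPN to on-premises
            {"dest": "pl-example",     "target": "vpce-0a9b8c"},  # gateway endpoint, no internet
        ],
    },
    "security_groups": {
        "sg-api":     {"tier": "public",  "ingress": [{"proto": "tcp", "port": 443,  "src": "0.0.0.0/0"}]},
        "sg-compute": {"tier": "private", "ingress": [{"proto": "tcp", "port": 22,   "src": "192.168.5.0/24"}]},
        "sg-data":    {"tier": "private", "ingress": [{"proto": "tcp", "port": 5432, "src": "sg-compute"}]},
    },
}


def private_subnets_with_internet_routes(layout):
    """Private subnets whose route table sends any destination to an internet gateway."""
    findings = []
    for name, sn in layout["subnets"].items():
        if sn["tier"] != "private":
            continue
        for route in layout["route_tables"][sn["route_table"]]:
            if route["target"].startswith("igw-"):
                findings.append(f"{name}: private subnet routes {route['dest']} to {route['target']}")
    return findings


def private_groups_open_to_untrusted(layout, trusted_cidrs):
    """Ingress rules on private-tier security groups whose source is neither another
    security group nor a CIDR fully contained in one of the trusted ranges."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for name, sg in layout["security_groups"].items():
        if sg["tier"] != "private":
            continue
        for rule in sg["ingress"]:
            src = rule["src"]
            if src.startswith("sg-"):
                continue                      # group-to-group reference stays inside the VPC
            net = ipaddress.ip_network(src)
            if not any(net.subnet_of(t) for t in trusted if t.version == net.version):
                findings.append(f"{name}: {rule['proto']}/{rule['port']} open to {src}")
    return findings


def overlapping_ranges(layout, onprem_cidrs):
    """Pairs of subnet / on-premises ranges that overlap; such pairs break VPN routing."""
    ranges = [(n, ipaddress.ip_network(s["cidr"])) for n, s in layout["subnets"].items()]
    ranges += [(f"onprem:{c}", ipaddress.ip_network(c)) for c in onprem_cidrs]
    return [f"{a} overlaps {b}" for i, (a, an) in enumerate(ranges)
            for b, bn in ranges[i + 1:] if an.overlaps(bn)]


def audit(layout, vpc_cidr=VPC_CIDR, onprem_cidrs=ONPREM_CIDRS):
    """Run every check; an empty list means the layout holds all three properties."""
    return (private_subnets_with_internet_routes(layout)
            + private_groups_open_to_untrusted(layout, [vpc_cidr, *onprem_cidrs])
            + overlapping_ranges(layout, onprem_cidrs))


def broken_layout():
    """The same layout with two common mistakes: the data tier opened to the world and
    a default route to the internet gateway added to the private route table."""
    bad = copy.deepcopy(LAYOUT)
    bad["security_groups"]["sg-data"]["ingress"].append({"proto": "tcp", "port": 5432, "src": "0.0.0.0/0"})
    bad["route_tables"]["rtb-private"].append({"dest": "0.0.0.0/0", "target": "igw-0a1b2c"})
    return bad


if __name__ == "__main__":
    print("baseline findings:", audit(LAYOUT))
    for finding in audit(broken_layout()):
        print("FINDING:", finding)
```

Running the block prints no findings for the baseline layout and three for the broken copy: both private subnets share the route table that gained the internet-gateway route, and the data security group now accepts connections from anywhere. Feeding real `describe-*` output into the same functions turns the diagram in the example into something that is checked on every change rather than trusted from the day it was drawn.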
Coginiti Perspective
Coginiti deploys into VPCs on AWS, Google Cloud, and Azure, using VPC isolation, security groups, and private subnets to protect analytics infrastructure. The platform connects to on-premises data systems through VPN or dedicated connections, and semantic models published in a VPC-isolated Coginiti instance remain within the network perimeter. This supports architectures in which analytics systems have no direct internet access; network isolation complements, rather than replaces, the identity-based checks that a zero-trust model requires.
Related Concepts
More in Security, Access & Deployment
Air-Gapped Deployment
An air-gapped deployment is a system architecture where analytics or data systems operate in complete isolation from the internet and external networks, preventing data exfiltration and unauthorized access.
Attribute-Based Access Control (ABAC)
Attribute-Based Access Control is an access model that grants permissions based on attributes of the user, resource, action, and environment, evaluated using policies rather than predefined roles.
Column-Level Security
Column-Level Security is a data access control mechanism that restricts which columns a user can access within a table based on their role, department, or other attributes.
Data Masking
Data masking is a data security technique that obscures or redacts sensitive information within datasets while preserving data utility for analytics, testing, or development purposes.
Data Privacy
Data privacy is the right of individuals to control how their personal information is collected, processed, stored, and shared by organizations, enforced through legal frameworks and technical safeguards.
Data Security
Data security is the practice of protecting data from unauthorized access, modification, or destruction through technical controls, policies, and organizational procedures.