LabelboxFebruary 22, 2021

Simplify your data security with IAM delegated access

Labelbox is the central hub for your data, and today we’re expanding our commitment to customer security and data privacy. We now support using Identity and Access Management (IAM) for hybrid cloud customers integrating with AWS S3 storage.

As a single destination for enterprise-scale training data operations, Labelbox is designed for high-velocity and high-volume pipelines. With this update, we’re rolling out a dedicated workflow for quickly and securely integrating with your S3 buckets natively in our app. Read our documentation to get started.

What is IAM delegated access?

With IAM delegated access, you can control who is authenticated and authorized to access your raw data stored in AWS cloud storage. You also have the flexibility to control whether Labelbox has access to all of your S3 buckets, a single bucket, or even a path within a bucket, and you can manage different integrations for each dataset or project.

Once you’ve configured IAM roles and policies to grant read-only access to your unlabeled data, Labelbox automatically generates signed URLs to access the data and deletes the assets from our servers as soon as processing is complete.

If you currently store data in S3 buckets, configuring IAM delegated access is a more secure and reliable integration than IP whitelisting alone, and it eliminates the need to set up your own proxy servers for generating non-expiring signed URLs.

You can also quickly set up, validate, and manage your AWS storage integrations in one place.

What if I don’t use S3 storage?

We’ve expanded support for integrating with AWS, but you can still connect securely in a hybrid cloud configuration with the storage provider of your choice. Read our documentation for how to securely connect with Labelbox.

Enterprise security for your training data

With IAM delegated access, we’re excited to build on a growing list of privacy and security improvements we’ve made in the past months:

SOC 2 Type II: Independent auditors have attested that Labelbox’s security controls are not only suitably designed and implemented, but that they are operating effectively across the organization. Learn more here.

GDPR: Labelbox is working with more and more customers throughout Europe and maintains GDPR compliance.

SSO: We support most SSO identity providers including SAML, Okta, OneLogin, Google Apps, ADFS, and Azure.

We respect the sensitive nature of customer training data and are committed to making Labelbox the safest and most trusted environment for managing training data and building AI. Labelbox will never use customer data to train models for our own use. We understand that your data is your competitive advantage, and we want to help you keep it that way.

We’re excited to continue expanding our commitment to the highest levels of privacy, security, and compliance so our customers can build AI applications with confidence.

In our documentation we've included detailed instructions, a walk-through video, and this Google Colab notebook with a script to help simplify generating secure S3 URLs for IAM delegated access.