Application Isolation | Platform Evaluation Guide
Quickbase Platform Evaluation Guide

Application Isolation

Quickbase is a multi-tenant architecture. This means that application data lives in shared data stores such as databases and file systems. Data may also be hosted in the same memory space of a runtime instance. With this orientation, the Quickbase platform takes deliberate steps to ensure that customer data is safe and secure.

  1. The Quickbase per application RBAC embedded throughout the runtime instance ensures that only the people granted access to your application have access to the data.
  2. Unlike other solutions, Quickbase does not run or host code. The runtime engine runs exclusively on the application metadata. Even with multiple applications hosted within the same memory space, a malicious actor cannot run code on the Quickbase platform that may exfiltrate your data. Quickbase does have a formula engine which resembles “code”. The formula engine is not a full programming language. It is an interpreted language with a purposefully designed narrow scope so that it is easy for business technologists to write.
  3. Quickbase heavily uses encryption. All network communications to Quickbase are fully encrypted using SSL. Additionally, all data at rest is also encrypted using AES256 or better. For your application data, Quickbase goes a step farther and provides unique encryption keys per application. This means every application in Quickbase is encrypted with its own unique data key. Thus, two copies of an application will appear completely different at rest. This can be paired with our customer held encryption key feature where the customer is in control of how we store the application data keys.
  4. The Quickbase APIs are are authenticated via what we call a user token, but you can think of it as an authorization token. Our architecture supports out API capability so that it uniquely identifies the requesting user and thus allows the full power of the platform’s RBAC to control what users may do via the API.