Serverless egress controls: Outbound network security for your serverless workloads

Databricks now offers serverless egress controls in Public Preview on AWS and Azure, empowering users to manage and secure outbound network connections for all serverless workloads, including model serving, notebooks, workflows, Delta Live Tables, and SQL warehouses. This new feature gives administrators robust control over outbound access, which is crucial for protecting data and reducing exposure to exfiltration risks.

What are serverless egress controls?

Serverless egress controls allow administrators to specify where serverless workloads can connect outside the Databricks environment. By implementing these controls, organizations can define a perimeter around their serverless compute operations, restricting access to only approved destinations. This security measure builds on existing Databricks ingress controls (such as front-end Private Link and IP ACLs) to create a more secure and reliable setup for handling sensitive data.

Benefits of serverless egress controls for Databricks users

Enhanced security

By limiting outbound connections to trusted destinations, organizations can reduce the risk of data exfiltration and keep their data in their trusted environment.

Simplified policy management

Administrators can manage egress controls through centralized policies that apply to one, multiple or all workspaces, ensuring consistency and reducing manual configuration.

Default deny posture

With a “deny by default” approach, administrators can ensure that only explicitly permitted destinations are accessible, aligning with industry security best practices.

Unified configuration

Serverless egress controls integrate seamlessly with Unity Catalog, automatically allowing access to defined storage locations and connections, further simplifying network configuration.

Policy evaluation with dry-run mode

Administrators can test egress policies without immediate enforcement. Dry-run mode logs violations for analysis, allowing policy adjustments before full enforcement, which is particularly valuable for production workloads.

Getting started with serverless egress controls

Serverless egress controls are now available on Databricks Enterprise Tier (AWS) and Premium Tier (Azure). To configure egress policies, administrators can access the Network Policies UI in the Databricks account console.

For more details on configuring these policies, please refer to the official Databricks documentation for AWS and Azure.