Databricks Inc.

06/10/2025 | News release | Distributed by Public on 06/10/2025 09:00

What’s new in security and compliance at Data + AI Summit 2025

Over the past year, we've continued to expand our security and compliance offerings to meet the evolving needs of regulated industries, privately connect to external resources, support your zero trust initiatives, and help you stay ahead of emerging threats. Today, we're excited to introduce a new wave of capabilities that make secure, serverless, multicloud data and AI a reality:

  • New platform security features:
    • Serverless Egress Control: GA on AWS and Azure, Private Preview on GCP
    • Serverless Private Link support to resources in your virtual private clouds and S3: Now in Public Preview
    • Databricks Multi-Key Protection: Now in Private Preview
  • New compliance availability:
    • Enhanced Security and Compliance (ESC): Now in Public Preview on GCP
    • Expanded Model Serving Compliance: HIPAA, PCI-DSS, more
    • AWS GovCloud: GA with FedRAMP High and DoD IL5 authorizations
    • New PayGo Pricing Model for ESC on AWS

Read on for a closer look at each announcement!

New platform security features to unlock AI and serverless potential

We're delivering security that's easy to adopt and built for modern multicloud environments. These new capabilities help protect sensitive data assets and simplify secure connectivity across the lakehouse.

Strengthening network security with Serverless Egress Control and Private Link

As more organizations adopt serverless for its scalability and simplicity, secure connectivity and network perimeter controls are critical to keep your environment private and mitigate data exfiltration risks. To help platform teams lock down network paths without compromising agility, we're introducing new capabilities that deliver stronger, more flexible network controls across serverless workloads:

  1. Serverless Egress Control is now Generally Available on AWS and Azure and in Private Preview on GCP. It lets you enforce a deny-by-default network posture for all serverless workloads, permitting outbound connections only to explicitly approved destinations (like specific domains or cloud storage resources) or Unity Catalog-governed storage locations. The feature provides centralized policy management and a dry-run mode to test policies safely before enforcement.
  2. Serverless Private Link allows you to connect your serverless workloads to internal resources in your virtual private clouds (VPCs) on AWS and virtual networks (VNets) on Azure. On AWS, we're also introducing Private Link connectivity to S3 buckets for private access to your object storage. These capabilities are now available in Public Preview. As a reminder, customers using this feature may incur data transfer costs.

These features complement each other and enhance your security posture. Imagine your platform team needs to deploy a Python Notebook to production. Because of strict internal policies, public internet access is not allowed, and all packages must be scanned before deploying to production. With Serverless Egress Control, the team enforces a deny-by-default policy that blocks all external outbound traffic, including to public package repositories. The team then configures a Serverless Private Link to connect to their private artifact repository on their network. Together, these two features let the team deploy the Notebook in accordance with their security policies.

These network policy and connectivity features apply consistently across all serverless data and AI products.
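The deny-by-default and dry-run behaviour described above, as an added illustration that is not Databricks code or its policy format: a hypothetical `EgressPolicy` class replays constructed destination hostnames against an allowlist. The `*.suffix` rule syntax, the log labels and all hostnames are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class EgressPolicy:
    """Hypothetical model of a deny-by-default egress policy (not a Databricks API)."""
    allowed_domains: set   # exact hostnames or "*.suffix" rules (assumed syntax)
    dry_run: bool = True   # dry run: record would-be denials, block nothing
    audit_log: list = field(default_factory=list)

    def _matches(self, host: str) -> bool:
        host = host.lower().rstrip(".")
        for rule in self.allowed_domains:
            rule = rule.lower()
            if rule.startswith("*."):
                # Compare from the dot onward so the match falls on a label
                # boundary: "notinternal.example" must not satisfy
                # "*.internal.example".
                if host.endswith(rule[1:]):
                    return True
            elif host == rule:
                return True
        return False

    def check(self, host: str) -> bool:
        """Return True if the outbound connection may proceed."""
        if self._matches(host):
            verdict, allowed = "ALLOW", True
        elif self.dry_run:
            verdict, allowed = "WOULD_DENY", True
        else:
            verdict, allowed = "DENY", False
        self.audit_log.append((host, verdict))
        return allowed

# Constructed sample destinations: a private artifact repository, two public
# package hosts, and two look-alike names that a careless suffix match accepts.
SAMPLE_DESTINATIONS = [
    "artifacts.internal.example",
    "pypi.org",
    "files.pythonhosted.org",
    "notinternal.example",
    "internal.example.attacker.test",
]

def replay(policy, hosts=SAMPLE_DESTINATIONS):
    """Run each host through the policy and return (host, allowed) pairs."""
    return [(h, policy.check(h)) for h in hosts]

def would_break(policy):
    """Hosts that a dry run flagged and that enforcement would block."""
    return [h for h, v in policy.audit_log if v == "WOULD_DENY"]
```

Reviewing the `would_break` list from a dry run before switching `dry_run` to `False` shows which destinations the workload still depends on.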

At the National Australia Bank, security, governance, privacy and ethics are at the forefront of everything we do. In a heavily regulated environment, it is critical to ensure all of the controls are enforced when it comes to accessing and using data. By utilizing Mosaic AI Gateway in combination with Model Serving Endpoints, Serverless Egress Control, and Private Link, we are able to centralize our security and governance controls, allowing us to provide safe and secure GenAI capabilities within the organization.
- Daniel Antoinette, Distinguished Engineer, Data Platforms, National Australia Bank

Introducing Databricks Multi-Key Protection

Databricks Multi-Key Protection is a new encryption capability designed to help you safeguard highly sensitive data, such as PII, PHI, and employee records, by ensuring it remains private even from infrastructure or platform administrators. With Multi-Key Protection, data is encrypted with a combination of a key managed in your key management service and a set of keys managed by Databricks. Storage administrators accessing files at the cloud storage layer can only access encrypted data. Data is only accessible through Unity Catalog-governed paths and is subject to fine-grained controls. You can configure a separate customer-managed key (CMK) for each catalog for further isolation at rest, and you can deny all access to the data at any time by revoking access to the CMK.

Databricks Multi-Key Protection will soon be available in Public Preview on Default Storage for customers using Express Setup on AWS. See our webpage for more information, and contact your account team if you're interested in trying it out.

Databricks Inc. published this content on June 10, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 10, 2025 at 15:00 UTC.