Physical Facility: Represents the actual data center facility where the cloud application runs. Includes the computer hardware, storage devices, security access systems, backup media storage, and power supplies.
Networking: The local area network and Internet service provider networking necessary to link together physical machines and external devices.
Both the real and virtual operating systems that contain the cloud application set.
Data management system that persists any data stored by the cloud application (including meta data).
Application: The actual cloud software application. In this document, the application equals Informatica Cloud.
Data Transmission: In-transit data as information moves between data sources and targets.
Audit Compliance
Data Transmission, Data Standards and Connectivity Data Governance, Audit Compliance Data Governance, Data Standards and Connectivity, Audit Compliance Data Governance, Data Transmission, Data Standards and Connectivity, Audit Compliance Data Transmission
[Diagram: layers of the cloud stack. Labels: Cloud (Web) applications; Cloud software environment; Computational resources; Storage; Communication; Services & APIs; IaaS; Cloud software infrastructure; Kernel (OS/apps); Hardware; Facilities; Service customer; Cloud-specific infrastructure.]
The different colors in the diagram represent the different owners of the layers. So the supporting (IT) infrastructure is usually maintained by an IaaS provider (such as Amazon or Microsoft), while the cloud-specific infrastructure is managed by Informatica. The service customer is responsible for providing user-level access control security, which is ultimately maintained by the corporate IT department.
Provider
As part of a comprehensive continuity-of-operations plan, Informatica employs two separate data centers managed by different providers. Each data center acts as a failover in case of a failure at the other. The switch to a different data center is transparent to the Informatica customer. Informatica transfers control to the alternate data center by rerouting DNS entries within the Internet backbone. Once the physical IP addresses point to the secondary data center, the Internet will propagate this change through the DNS environment. Very quickly, the secondary data center will be managing all of the Informatica Cloud integration communications worldwide.
Data retention is another important factor. Here is the Informatica Cloud backup schedule:
1. On-site incremental disk-based backups are saved on-line four times per day.
2. Full backups are performed on a weekly and monthly basis.
3. The data retention period is six months.
Note that only integration metadata is saved in the cloud application. Customer data is never stored during transit.
Ideally, the cloud provider's data centers should be geographically distributed around the world. As of 2011, Informatica data centers are located on the U.S. East Coast and West Coast. A non-US-based data center is targeted for 2012, which will provide more global coverage and redundancy.
Informatica hires independent security analysts to perform annual penetration tests throughout multiple levels of the network. If a scan, probe, or attack is detected, the address is blocked at the border routers and alerts are sent within one hour. If the attack is successful, the event is classified as a security incident. Incident response then begins, which involves immediate investigation and mitigation with all the appropriate parties.
[Diagram labels: Salesforce.com; Salesforce Data; Secure Agent: runs on Windows and/or Linux server (all connections are initiated by the Secure Agent outbound); Business Data; {HTTPS/SOAP}; naX.Salesforce.com; SQL SELECT, ALTER, INSERT, UPDATE, DELETE (schema changes, schedule info) {SSL}; Metadata; Informatica Cloud; ICS Repository: mappings, SFDC metadata, DB metadata, DB and SFDC conn auth info (encrypted); WS/SaaS front-end; Internet; Internal.]
Figure 2. Overview of Informatica Cloud's Secure Agent facilitating data integration between a local database and Salesforce CRM and/or Force.com.
Figure 3. The Informatica Cloud Secure Agent manages data transfer and is run locally behind the firewall or can be hosted in the cloud. No data resides on Informatica servers.
The Informatica Cloud Secure Agent works as follows:
- Corporate IT downloads the Secure Agent and installs it as a secure Windows service (or Linux process). The Secure Agent inherits the access privileges of the user account that was used for installation.
- The Secure Agent communicates with Informatica Cloud over HTTPS on port 443. All communication initiated by the Secure Agent is outbound, so no firewall rules need to be changed. Built-in health check mechanisms ensure persistent connectivity to Informatica Cloud.
- The Secure Agent downloads the integration job control information in an encrypted format and executes the job.
- The Secure Agent then launches the engine to execute the integration job.
- Data transfer happens directly from source system to target system and is not staged in Informatica Cloud. This is an important feature of Informatica Cloud from a data security perspective. All data resides behind the corporate firewall until it is transmitted securely to the target.
- The Secure Agent transmits logging and monitoring information about the integration job to Informatica Cloud.
Informatica Cloud records entitlement changes and user transactions in audit logs, including username, date, and nature of change. The audit logs are pruned on a quarterly basis. These logs are always available to customers in the browser UI under the administration section.
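The Secure Agent's stated network behavior (outbound only, HTTPS on port 443 to Informatica Cloud, data sources reached behind the firewall) can be checked against connection records from the agent host's network. The following is an added example, not Informatica code: the record format, the agent address, the internal ranges, and the sample lines are all constructed for illustration.

```python
import ipaddress

# Assumed site values, constructed for this example.
AGENT_IP = ipaddress.ip_address("10.0.5.20")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed connection records (IPv4): time initiator:port responder:port proto
SAMPLE_LOG = """\
2011-10-14T08:00:01Z 10.0.5.20:51544 203.0.113.10:443 tcp
2011-10-14T08:00:02Z 10.0.5.20:51545 10.0.9.7:1521 tcp
2011-10-14T08:03:10Z 198.51.100.23:40112 10.0.5.20:8443 tcp
2011-10-14T08:05:44Z 10.0.5.20:51600 203.0.113.77:21 tcp
2011-10-14T08:06:00Z 10.0.7.3:50000 203.0.113.10:443 tcp
"""

def is_internal(ip):
    # Explicit ranges: ipaddress.is_private also matches documentation nets.
    return any(ip in net for net in INTERNAL_NETS)

def parse(line):
    ts, src, dst, proto = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return (ts, ipaddress.ip_address(s_ip), int(s_port),
            ipaddress.ip_address(d_ip), int(d_port), proto.lower())

def audit(log_text):
    """Return (line_no, finding, detail) for records that contradict
    the outbound-only, TCP/443-only claim for the agent host."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ts, src, sport, dst, dport, proto = parse(line)
        except ValueError:  # wrong field count, bad address or bad port
            findings.append((n, "unparseable", line.strip()))
            continue
        if dst == AGENT_IP and not is_internal(src):
            # A connection opened from the Internet toward the agent.
            findings.append((n, "inbound-from-internet", f"{src} -> agent:{dport}"))
        elif src == AGENT_IP and not is_internal(dst) and (proto, dport) != ("tcp", 443):
            # Agent egress to the Internet on anything other than TCP/443.
            findings.append((n, "non-443-egress", f"agent -> {dst}:{dport}/{proto}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Connections from the agent to internal addresses (the source database in the sample) are allowed, and records that do not involve the agent host are ignored.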
Customer Perspective
Informatica Cloud provides layered security based on organizations, licenses, users, and roles:
- Organizations. Users connect to Informatica Cloud as members of an organization.
- Licenses. They allow organizations to access Informatica Cloud functionality. Licenses are granted by Informatica operations to organizations. Licenses can expire at regular intervals.
- Organization Administrator. Each organization has at least one user designated as the administrator. The administrator creates and manages the Informatica Cloud account for the organization. The organization administrator is responsible for creating each user and setting up access rights to Informatica Cloud functionality based on the user requirements.
- User logins. The organization administrator defines the password policy, including minimum password length, minimum character mix, password reuse duration, password expiration duration, and two-factor authentication scheme.
- User sessions. User sessions time out after 30 minutes of session inactivity.
- Roles. Role definitions allow users to access Informatica Cloud functionality. The administrator grants roles for an organization.
This role-based security exemplifies best practices on implementing least privilege access at a very granular level. IT organizations will feel comfortable when setting up Informatica Cloud because it is similar to other enterprise-class security systems. With respect to other SaaS applications, such as Salesforce CRM, the user access credentials are stored in encrypted format. So when the Secure Agent executes, it is able to log in to the SaaS application with credentials as defined by the enterprise (it does not require root/SA access).
Summary
This report detailed how Informatica Cloud addresses cloud integration from a security perspective. Cloud integration can be implemented in a variety of ways. Informatica Cloud seeks to minimize the exposure of corporate data, allowing IT departments to have high confidence that proprietary data will not be exposed on the Internet. At all levels of the solution, from data center to data transmission, Informatica Cloud implements best practices that achieve a secure integration experience. The Secure Agent connects directly from source to target systems; customer data is never staged or stored in Informatica Cloud. The operations manager provides both line-of-business and IT departments with secure access to integration jobs. This access furnishes a flexible and controlled environment to manage integration scenarios. Lastly, data is encrypted during transmission and is resilient against Internet-based attacks.
Data security ranks as one of the biggest challenges when moving to the cloud. The need to integrate disparate systems is not disappearing. So the savvy IT department needs to deploy a secure cloud integration solution to meet today's business challenges. Informatica delivers such a secure integration solution.
About Informatica
Informatica Corporation (NASDAQ: INFA) is the world's number one independent provider of data integration software. Organizations around the world rely on Informatica to gain a competitive advantage with timely, relevant and trustworthy data for their top business imperatives. Worldwide, over 4,440 enterprises depend on Informatica for data integration, data quality and big data solutions to access, integrate and trust their information assets residing on-premise and in the Cloud. For more information, call +1 888 345 4639 in the U.S., or visit www.InformaticaCloud.com. Connect with Informatica at http://www.facebook.com/InformaticaCorporation, http://www.linkedin.com/company/informatica and http://twitter.com/InformaticaCorp.
A1. Invalidated Input: Information from Web requests is not validated before being used by a Web application. Attackers can use these flaws to attack back-end components through a Web application.
A2. Broken Access Control: Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' accounts, view sensitive files, or use unauthorized functions.
A3. Broken Authentication and Session Management: Account credentials and session tokens are not properly protected. Attackers who can compromise passwords, keys, sessions, cookies, or other tokens can defeat authentication restrictions and assume other users' identities.
A4. Cross-Site Scripting: The Web application can be used as a mechanism to transport an attack to an end user's browser. A successful attack can disclose the end user's session token, attack the local machine, or spoof content to fool the user.
A5. Buffer Overflow: Web application components that do not properly validate input can be crashed and, in some cases, used to take control of a process. These components can include CGI, libraries, drivers, and Web application server components.
A6. Injection Flaws: Web applications pass parameters when they access external/perimeter systems or the local operating system. If an attacker can embed malicious commands in these parameters, the external system may execute those commands on behalf of the Web application.
A7. Improper Error Handling: Error conditions that occur during normal operation are not handled properly. If an attacker can cause errors to occur consistently, he or she can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.
A8. Insecure Storage and Transport: Web applications frequently use cryptographic functions to protect information and credentials. These functions and the code to integrate them are difficult to implement properly, frequently resulting in weak protection.
A9. Application Denial of Service: Attackers can consume Web application resources to a point where other legitimate users can no longer access or use the application. Attackers can also lock users out of their accounts or even cause the entire application to fail.
A10. Insecure Configuration Management: Having a strong server configuration standard is critical to a secure Web application. These servers have many configuration options that affect security and are not secure out of the box.
Vulnerability Description Business Risk Likelihood of Exploitation Level of Expertise Required
Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found. Meets No Exceptions were found.
Recommended Remediation
None
None
None
None
None
Production site is down. Customers lost connectivity to Informatica Cloud production site, and no workaround is immediately available. 30 minutes from initial alert/report Immediate 10 minutes after service is restored
Internal Escalation
Customer Escalation
Sales Engineering / Sales Operations / Engineering contact VP of Engineering General Manager of Informatica Cloud
52304 (10/14/2011)