Integrator Security
DCKAP Integrator aims at protecting and encrypting the wealth of data that flows through it, for the entire integration lifecycle. As a middleware, DCKAP Integrator only acts as an interface to transfer data between systems and does not store a copy of the data.
Without compromising the speed of data transfer or the scalability of connecting multiple systems, DCKAP Integrator safeguards every byte of valuable and sensitive information that it processes.
By providing Access Control, DCKAP Integrator enables data authentication and authorization and further assures securing of critical information which is otherwise vulnerable to security breaches.
By default, DCKAP Integrator saves only the entity ID (for logs and failure record reprocessing) and the data logged in flows. DCKAP Integrator does not store any other data transferred between systems.
All our files and data are stored in Amazon Web Services (AWS) Cloud. The following is a partial list of assurance programs with which AWS complies:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27018
All the credentials provided by the users are encrypted using AES-128 Cipher and stored in the cloud.
As stated earlier, DCKAP Integrator does not store the actual data transferred between systems. However, developers often need to see or understand the data which is flowing through DCKAP Integrator. To improve debugging techniques, we log console information of any given pipe only when it is enabled by the user in their respective account.
While moving to production, the user can disable the console logs and the saved console logs can be deleted at any point in time.
The configured console logs of the respective integration pipes are stored in the cloud(AWS S3 Bucket). The download link for the files will be created with secure keys and it will expire in 5 minutes.
All the session information is stored on the server.
DCKAP Integrator saves the meta information like entity ID of failed records(to rerun the synchronization), execution time, number of records processed, number of records failed, status and so on.
All the logs data are automatically deleted at a regular interval(based on the user plan) and also the user has the ability to delete the data manually.
All the user account passwords provided by the users are encrypted using SHA Algorithm (One Way Secure Hashing Technique) and stored in the cloud.
The project owner can provide/revoke the project access to any user or user group at any point in time. The project owner has complete control over the user management for the project.
The project access level provided can vary from user to user based on the following two options:
- Administrator - This access level has all the provisions similar to the Project Owner except the ability to delete or transfer the project.
- Standard User - This access level doesn’t have access to delete or transfer or provide project access to other users. They are also not allowed to modify the project configuration.
The Project Owner has the ability to switch the above privileges for any user anytime.
Without access provided by the project owner or Administrators, no other user can access the project information. User Access Privilege is ensured in all the pages.
DCKAP Integrator can establish communication with different systems (such as ERP, CRM, eCommerce, etc.) based on the flows configured to the pipe.
Some authentication mechanisms include OAuth1(RFC 5849), OAuth2(RFC 6749), Basic Authentication(RFC 7617), Bearer Token(RFC 6750), NTLM Authentication and so on. They vary from system to system.
Service Consumers can communicate with the application only if it is authorized. DCKAP Integrator supports authentication mechanisms like Json Web Tokens(JWT, RFC 7519) and Basic Authentication(RFC 7617) for authenticating external requests.
All the requests are processed by AWS Lambda serverless compute service.
AWS Security Group Implemented
- AWS Security Group Implemented
- control inbound and outbound traffic
- provides security at the protocol and port access level
- SSL/TLS 1.2 Implemented
- Encrypts information that is sent over the internet and provides identity assurance
- All of the AWS APIs are available via SSL-protected endpoints which provide server authentication.
- Port scans of Amazon EC2 instances are generally ineffective because, by default, all inbound ports on Amazon EC2 instances are closed and are only opened by the DCKAP Integrator Infrastructure Manager.
- Connections to Databases are highly secured and are allowed only from certain whitelisted IPs.
Last modified 1yr ago