
WHITE PAPER

Informatica Cloud Architecture and Security Overview
Independent Analysis of the Architecture and Security Features of Informatica Cloud

Executive Summary and Overview


Prepared by Mercury Consulting, a leader in “Ground to Cloud Integration.” Mercury removes the fog around cloud computing by providing clients with detailed independent research on cloud applications.

This report details the Informatica® Cloud™ solution from an architecture and security perspective. Middleware as a service (MaaS) or Cloud Integration links together multiple applications – both on-premise and cloud-based. Highly confidential data can be transmitted and, in most cases, saved in software as a service (SaaS) applications such as Salesforce CRM and Force.com. Corporate IT departments need to verify that their cloud-based software vendors can safeguard this data with high levels of security.

When addressing security in cloud-based applications, there are many architectural layers to consider. From the physical data center to networking to databases and data transmission, the enterprise’s data has the potential to be compromised. In the companion white paper—“Securing Your Cloud-Based Data Integration – A Best Practices Checklist”—Mercury Consulting provided a list of security-related issues that IT managers must address when developing a cloud-based integration strategy. This checklist spans different layers in the cloud architecture. Table 1 indicates how Informatica Cloud addresses the checklist for each layer. This list appears in the far right column in Table 1. This paper describes the support which Informatica provides for each architectural layer and security issue.

Layer | Definition | Checklist Coverage
Physical Facility | Represents the actual data center facility where the cloud application runs. Includes the computer hardware, storage devices, security access systems, backup media storage, and power supplies | Audit Compliance
Networking | The local area network and Internet service provider networking necessary to link together physical machines and external devices | Data Transmission, Data Standards and Connectivity
Operating System | Both the real and virtual operating systems that contain the cloud application set | Data Governance, Audit Compliance
Database | Data management system that persists any data stored by the cloud application (including metadata) | Data Governance, Data Standards and Connectivity, Audit Compliance
Application | The actual cloud software application. In this document, the application equals Informatica Cloud. | Data Governance, Data Transmission, Data Standards and Connectivity, Audit Compliance
Data Transmission | In-transit data as information moves between data sources and targets | Data Transmission

Table 1. Informatica Cloud architecture layers, definitions and coverage


Informatica Cloud – Secure at All Layers
It is common to depict SaaS applications in a nice puffy cloud. But that cloud shape
contains an architectural stack ranging from physical hardware to networks to operating
systems and end user applications. Figure 1 represents the typical layers found in cloud-
based services. Cloud integration could be viewed as a specific example of platform as a
service (PaaS). Informatica Cloud connects SaaS applications such as Salesforce CRM and
NetSuite.

[Figure 1 diagram. Layers from top to bottom: SaaS layer: User, Front End, Network, Cloud (Web) applications; PaaS layer: Management Access, Services & APIs, Cloud software environment; IaaS layer: Computational resources, Storage, Communication, Cloud software infrastructure; then Kernel (OS/apps), Hardware, Facilities. Ownership columns: Service customer, Cloud-specific infrastructure, Supporting (IT) infrastructure.]
Figure 1. Cloud layers

The different colors in the diagram represent the different “owners” of the layers. So the
supporting (IT) infrastructure is usually maintained by an IaaS provider (such as Amazon or
Microsoft), while the cloud-specific infrastructure is managed by Informatica. The service
customer is responsible for providing user-level access control security, which is ultimately
maintained by the corporate IT department.

Level 1: Physical Facility Layer


Controlling and monitoring physical access to the hardware is a high priority, and
surveillance should at least include closed-circuit cameras and patrolling security guards.
Informatica facility partners follow best practices in separation of privileges, least privilege,
access control systems, alarm systems, administrator logging, two-factor authentication,
codes of conduct, confidentiality agreements, background checks, and monitoring visitor
access. Specifically, access to the physical infrastructure is allowed only on a need-to-access
basis. All physical access to the infrastructure is logged and monitored.

As part of a comprehensive continuity-of-operations plan, Informatica employs two
separate data centers managed by different providers. Each data center acts as a failover
in case of a failure at the other. The switch to a different data center is transparent to
the Informatica customer. Informatica transfers control to the alternate data center by
rerouting DNS entries within the Internet backbone. Once the physical IP addresses
point to the secondary data center, the Internet will propagate this change through the
DNS environment. Very quickly, the secondary data center will be managing all of the
Informatica Cloud integration communications worldwide.

Data retention is another important factor. Here is the Informatica Cloud backup schedule:

1. On-site incremental disk-based backups are saved online four times per day.

2. Full backups are performed on a weekly and monthly basis.

3. The data retention period is for six months.

Note that only integration metadata is saved in the cloud application. Customer data is
never stored during transit.

Ideally, the cloud provider’s data centers should be geographically distributed around the
world. As of 2011, Informatica data centers are located on the U.S. East Coast and West
Coast. There are plans for a non-U.S.-based data center targeted for 2012, which will provide
more global coverage and redundancy.

Level 2: Networking Layer


The most visible attack vector in a cloud integration environment is the network layer. All
cloud-based data integration occurs on proprietary networks and on the public Internet.
Firewalls, dynamic firewalls, intrusion detection systems (IDSs), intrusion prevention
systems (IPSs), and network proxies are the basic network devices for protecting the
network border. Specifically, Informatica provides the following network-based security
controls:
• Firewall-related protections include these features:
  • Segment networks to ensure infrastructure access security. Separate the DMZ
    from all back-end processes through firewalls.
  • Load balancer and firewall policies limit the type of access allowed to each
    network segment.
  • The firewall imposes Network Address Translation to unpublished addresses.
  • The firewall disables Internet Control Message Protocol (ICMP) and telnet.
  • The firewall enables only software-related TCP ports.
• Installation of split DNS limits server exposure to the Internet.
• Two-layer password protection is available on all network equipment.
• SSL encryption is enforced on all security-related pages, including the login page.
• IPS/IDS are implemented to fend off potential attacks from the Internet. The Cloud
  application is constantly monitored and, if any breach is detected, the affected parties
  would be contacted as soon as possible through the contact mechanisms registered
  with the service.

Informatica hires independent security analysts to perform annual penetration tests
throughout multiple levels of the network. If a scan, probe, or attack is detected, the
source address is blocked at the border routers and alerts are sent within one hour. If the
attack is successful, the event is classified as a “security incident”. Incident response begins,
which involves immediate investigation and mitigation with all the appropriate parties.

Level 3: Operating System Layer


Because the customer interacts only with a virtualized environment, the provider is
responsible for maintaining and monitoring the hardware. The provider should audit
hardware configurations to verify that nothing has tampered with them. Otherwise, the
provider is concerned primarily with availability and should document and report as with
the facility layer. Informatica technology ensures that the hardened operating systems’
images have not been tampered with. Informatica users do not have the ability to execute
arbitrary code, so no intentional attempts to compromise the OS are possible. Through
Informatica data center partners, the following security measures have been taken:
• Each system and application has an integrated security system. Administration access
to each server requires security token and password authentication.
• The password is changed on a regular basis.
• Secure Shell (SSH) access to all servers is available.
• Operating systems, servers, routers, firewalls, and databases are patched with the
most current security releases.
• All unnecessary ports and services are disabled.

Level 4: Database Layer


Cloud integration applications are inherently database driven. Data is extracted from and
inserted into databases. And data transformation rules – so-called metadata – are saved
within a DBMS. This white paper does not address on-premise source and target database
security. We assume that corporate-level data policies protect these data sources. In
the case of accessing cloud-based SaaS products, such as Salesforce CRM, Informatica
Cloud complies with the Web services security implemented by them. Ideally, the cloud
integration provider will not store any customer data within its database. Only metadata
should be saved. Informatica Cloud implements this best practice. And this metadata is
separated from other users of the service.

As Figure 2 shows, the Informatica Cloud repository stores metadata—such as mappings,
application connection information, and transformation rules. This data resides in a
true multitenant database model. Informatica Cloud provides user access controls to
securely manage users’ metadata and to separate client data. During the annual network
penetration and application assessment tests, Informatica Cloud checks for SQL injection
attacks and cross-client data access. (It does this via a prepared statement with named
parameters; it does not allow user-defined SQL queries.) Database servers are not
accessible to the public Internet.
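The paragraph above names two controls at the database layer: prepared statements with named parameters, and checks for cross-client data access in a multitenant repository. The following is an added example, not code from Informatica or from this paper, showing the vulnerable string-built query beside the parameterized form, plus a defensive check that no row from another organization is ever returned. The table name, column names, function names and sample rows are all constructed for the illustration.

```python
"""Added example (not Informatica's code): named-parameter queries with tenant scoping.

The repository schema, table and column names below are assumptions made for the
illustration; the sample rows are constructed data.
"""
import sqlite3


def build_repo() -> sqlite3.Connection:
    """Create an in-memory metadata repository holding mappings for two organizations."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mappings (id INTEGER PRIMARY KEY, org_id TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO mappings (org_id, name) VALUES (:org, :name)",
        [
            {"org": "org-A", "name": "accounts_to_crm"},   # constructed sample rows
            {"org": "org-A", "name": "leads_to_crm"},
            {"org": "org-B", "name": "orders_to_erp"},
        ],
    )
    conn.commit()
    return conn


def find_mapping_unsafe(conn: sqlite3.Connection, org_id: str, name: str) -> list:
    """Vulnerable form: the caller-supplied name is pasted into the SQL text, so the
    input can rewrite the predicate and the tenant filter can be bypassed."""
    sql = f"SELECT org_id, name FROM mappings WHERE org_id = '{org_id}' AND name = '{name}'"
    return conn.execute(sql).fetchall()


def find_mapping_safe(conn: sqlite3.Connection, org_id: str, name: str) -> list:
    """Hardened form: a prepared statement with named parameters.  The SQL text is fixed,
    both values travel as data, and org_id (taken from the authenticated session, never
    from the request body) is always part of the predicate."""
    sql = "SELECT org_id, name FROM mappings WHERE org_id = :org AND name = :name"
    return conn.execute(sql, {"org": org_id, "name": name}).fetchall()


def violates_tenant_isolation(rows: list, org_id: str) -> bool:
    """Defensive check for cross-client data access: True if any returned row belongs
    to an organization other than the one making the request."""
    return any(row[0] != org_id for row in rows)


if __name__ == "__main__":
    repo = build_repo()
    hostile = "x' OR '1'='1"          # textbook predicate-rewriting input
    leaked = find_mapping_unsafe(repo, "org-A", hostile)
    print("unsafe query returned", len(leaked), "rows; cross-tenant leak:",
          violates_tenant_isolation(leaked, "org-A"))
    print("safe query returned", find_mapping_safe(repo, "org-A", hostile))
```

With the hostile input, the string-built query returns all three rows, including org-B's mapping, and the isolation check flags it; the parameterized query returns nothing, because the input is compared literally as a mapping name. The second control, keeping org_id out of the caller's hands, is what makes the isolation check a backstop rather than the only line of defence.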

[Figure 2 diagram. The Secure Agent runs on a Windows and/or Linux server; all connections are initiated outbound by the Secure Agent. It exchanges Salesforce business data with naX.Salesforce.com over HTTPS/SOAP, issues SQL SELECT, ALTER, INSERT, UPDATE and DELETE statements against a local database or file system, and exchanges metadata (schema changes, schedule information) with Informatica Cloud Services over SSL. The Informatica Cloud ICS Repository holds mappings, SFDC metadata, DB metadata, and DB and SFDC connection authentication information (encrypted). Administration and design, configuration and maintenance are performed from a local PC with Web access to the WS/SaaS front-end over HTTPS. The diagram is divided into Internet and Internal zones.]

Figure 2. Overview of Informatica Cloud’s Secure Agent facilitating data integration between a local
database and Salesforce CRM and/or Force.com.

Level 5: Informatica Cloud Application Layer


The Informatica Cloud Secure Agent is a small footprint application that enables secure
communication across the firewall between the client organization and Informatica
Cloud. It is a functionally equivalent, run-time version of the enterprise-class Informatica
PowerCenter ® execution component (about 90 Mbytes in size). All Informatica Cloud data
integration services use the Informatica Cloud Secure Agent to get through the firewall to
access application, relational database and file sources and targets in the client’s local area
network. The Secure Agent consists of a data integration engine and various connectors
to external data sources.

Figure 3. The Informatica Cloud Secure Agent manages data transfer and is run locally behind the
firewall or can be hosted in the cloud. No data resides on Informatica servers.

The Informatica Cloud Secure Agent works as follows:
• Corporate IT downloads the Secure Agent and installs it as a secure Windows service
(or Linux process). The Secure Agent inherits the access privileges of the user account
that was used for installation.
• The Secure Agent communicates with Informatica Cloud over HTTPS on port 443. All
communication is initiated by the Secure Agent and is outbound, so no firewall rules
need to be changed. Built-in health check mechanisms ensure persistent connectivity to
Informatica Cloud.
• The Secure Agent downloads the integration job control information in an encrypted
format and executes the job.
• The Secure Agent then launches the engine to execute the integration job.
• Data transfer happens directly from source system to target system and is not staged in
Informatica Cloud. This is an important feature of Informatica Cloud from a data security
perspective. All data resides behind the corporate firewall until it is transmitted securely
to the target.
• The Secure Agent transmits logging and monitoring information about the integration
job to Informatica Cloud.
Informatica Cloud records entitlement changes and user transactions in audit logs,
including username, date, and nature of change. The audit logs are pruned on a quarterly
basis. These logs are always available to customers in the browser UI under the
Administration section.

Customer Perspective
Informatica Cloud provides layered security based on organizations, licenses, users, and
roles:
• Organizations. Users connect to Informatica Cloud as members of an organization.
• Licenses. They allow organizations to access Informatica Cloud functionality. Licenses
are granted by Informatica operations to organizations. Licenses can expire at regular
intervals.
• Organization Administrator. Each organization has at least one user designated as
the administrator. The administrator creates and manages the Informatica Cloud account
for the organization. The organization administrator is responsible for creating each
user and setting up access rights to Informatica Cloud functionality based on the user
requirements.
• User logins. The organization administrator defines the password policy, including
minimum password length, minimum character mix, password reuse duration, password
expiration duration, and two-factor authentication scheme.
• User sessions. User sessions time out after 30 minutes of session inactivity.
• Roles. Role definitions allow users to access Informatica Cloud functionality. The
administrator grants roles for an organization.
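The list above describes the organization administrator's password policy (minimum length, character mix, reuse duration, expiration duration, two-factor scheme) and the 30-minute inactivity timeout. The following added example, which is not Informatica's code and does not describe how Informatica Cloud implements these settings, shows what enforcing such a policy looks like in practice. The 30-minute idle limit is the figure stated in the paper; the field names, default thresholds, the fixed reference clock and all function names are assumptions for the illustration.

```python
"""Added example (not Informatica's code): enforcing an organization password policy and
a session inactivity timeout.

The 30-minute inactivity limit is the figure the paper states; the policy field names,
default thresholds, reference clock and function names are assumptions for the illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import re


@dataclass
class PasswordPolicy:
    min_length: int = 12                                 # assumed default
    min_char_classes: int = 3                            # of: lowercase, uppercase, digit, symbol
    reuse_window: timedelta = timedelta(days=180)        # password reuse duration (assumed)
    max_age: timedelta = timedelta(days=90)              # password expiration duration (assumed)
    require_two_factor: bool = True                      # two-factor authentication scheme


# One regular expression per character class for the "character mix" rule.
CHAR_CLASSES = (re.compile(r"[a-z]"), re.compile(r"[A-Z]"), re.compile(r"\d"), re.compile(r"[^\w\s]"))

# Fixed reference clock so the demonstration is deterministic (constructed value).
REFERENCE_NOW = datetime(2011, 10, 14, 12, 0, 0)


def earlier(days: int = 0, minutes: int = 0) -> datetime:
    """Timestamp the given amount before REFERENCE_NOW (convenience for the demo)."""
    return REFERENCE_NOW - timedelta(days=days, minutes=minutes)


def password_digest(password: str) -> str:
    """Comparison key for the reuse check.  A real credential store keeps a salted, slow
    hash (bcrypt/scrypt/argon2); SHA-256 only keeps this example dependency-free."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def validate_new_password(policy: PasswordPolicy, candidate: str,
                          retired: list, now: datetime) -> list:
    """Return the policy rules the candidate breaks (an empty list means it is accepted).

    `retired` holds (digest, retired_at) pairs for the user's previous passwords."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("too short")
    classes = sum(1 for rx in CHAR_CLASSES if rx.search(candidate))
    if classes < policy.min_char_classes:
        problems.append("insufficient character mix")
    digest = password_digest(candidate)
    if any(d == digest and now - retired_at < policy.reuse_window for d, retired_at in retired):
        problems.append("reused within reuse window")
    return problems


def password_expired(policy: PasswordPolicy, set_at: datetime, now: datetime) -> bool:
    """True once the password is older than the policy's expiration duration."""
    return now - set_at >= policy.max_age


def login_allowed(policy: PasswordPolicy, password_ok: bool, second_factor_ok: bool) -> bool:
    """When the policy requires two-factor authentication, a correct password alone is not enough."""
    return password_ok and (second_factor_ok or not policy.require_two_factor)


def session_active(last_activity: datetime, now: datetime,
                   idle_limit: timedelta = timedelta(minutes=30)) -> bool:
    """Inactivity timeout: the session is dead once the idle limit passes without activity."""
    return now - last_activity < idle_limit


if __name__ == "__main__":
    policy = PasswordPolicy()
    old = [(password_digest("Tr0ub4dor&3x!"), earlier(days=10))]
    print(validate_new_password(policy, "short1!", [], REFERENCE_NOW))
    print(validate_new_password(policy, "Tr0ub4dor&3x!", old, REFERENCE_NOW))
    print("expired:", password_expired(policy, earlier(days=91), REFERENCE_NOW))
    print("session alive after 29 min idle:", session_active(earlier(minutes=29), REFERENCE_NOW))
```

The reuse rule is time-based, matching the paper's "password reuse duration": a retired password may come back only after the window has elapsed, which is checked against the stored digest and retirement time rather than the plaintext.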

This role-based security exemplifies best practices on implementing least privilege access
at a very granular level. IT organizations will feel comfortable when setting up Informatica
Cloud because it is similar to other enterprise-class security systems. With respect to
other SaaS applications, such as Salesforce CRM, the user access credentials are stored
in encrypted format. So when the Secure Agent executes, it is able to log in to the SaaS
application with credentials as defined by the enterprise (it does not require root/SA
access).

Informatica Upgrade Policies


One of the benefits of SaaS is that the end customer receives product updates on
a regular basis. All customers stay on the same code base, which the cloud vendor
maintains. With some cloud services, a possibility exists that malicious code or “spyware”
could be injected into the code line through the upgrade process. The cloud provider
needs to ensure that special care is taken to restrict access to source code and to
monitor the upgrade. Informatica Cloud restricts organization access to source code. The
operations employees involved in the upgrade must pass background checks and have
elevated data export classifications.

Informatica Cloud is typically updated multiple times per year. Upgrade notices are
posted on user community sites and emailed to customers at least five business days
prior to the implementation; scheduled maintenance windows are 7:00 – 11:00 p.m.
Eastern Time. Security-related hot fixes are evaluated for their applicability to the
production environment on a regular basis. Critical patches are applied immediately and
other patches are applied monthly. The Informatica Quality Assurance (QA) group
verifies all code check-ins. The code is certified as a release-to-operations build. Software is
delivered to the staging site (which is a replica of the production environment). Then QA
performs infrastructure, networking, and functional testing for at least 48 hours. After
successful testing, the software migrates to the production environment, with full rollback
procedures. The Informatica operations group communicates to the customer base
throughout the process. As of 2011, Informatica Cloud has not incurred any production
delays due to an upgrade. Nor has it had to roll back to a previous version.

Updates to the Secure Agent are also managed from the cloud. The stateless nature of
the Informatica Cloud Secure Agent means that it can be replaced/upgraded at any time,
without disrupting operations. The Secure Agent checks for upgrades during the polling
process. Available updates are then automatically downloaded and installed.

Level 6: Data Transmission Layer
Transmitting data is where the rubber meets the road for a cloud integration solution.
During transmission, many things can go wrong, such as application unavailability, DBMS
issues, network failure, network congestion, and potential “man in the middle”/sniffer
attacks. Fortunately, the Informatica Cloud service addresses these points of weakness.

The Secure Agent checks for application, DBMS, and network availability, when initiating
connections. Availability checking is part of the overall Informatica PowerCenter execution
capability. The Secure Agent also has built-in network resiliency checks for congestion.
If there are any issues, full audit logs are published from the Secure Agent back to the
Informatica Cloud repository.

The primary defense against man-in-the-middle or sniffing attacks depends on ensuring
transport encryption, integrity, and authentication of the communication channel. For
example, message security authentication implies signing and verifying a message (using
XML Signature), ensuring integrity (using XML hash messages), and implementing
message-level encryption (using XML Encryption). Informatica Cloud uses SSL (with 128-bit
certificates), SSH, and IPSec protocols for data transmission and remote access over public
networks. Data transmission implements AES encryption.

Secure Agent to Informatica Cloud Communication: The Secure Agent starts
a power channel listener on premise. When the Secure Agent communicates anything to
Informatica Cloud, it is done through the power channel connection. The Secure Agent
code sets up a virtual socket connection port and when the agent sends something on this
connection, the power channel listener encrypts it with 128-bit encryption and sends it
over port 443 to a power channel server running Informatica Cloud, which then sends it to
the Web application. The Secure Agent moves data directly among sources, local system,
and targets. No data passes through or resides on Informatica servers.
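The two passages above make the same point from different angles: the channel between the agent and the cloud service must be encrypted, integrity-protected and authenticated, and it is always opened outbound by the agent on port 443. The following added example, which is not Informatica's code and does not describe the "power channel" itself, shows the client-side TLS configuration a defender should expect from such an agent, a weak configuration for contrast, and a pre-flight check that refuses to poll unless the server will be authenticated. The hostname, URL path and function names are placeholders; nothing here contacts a real service.

```python
"""Added example (not Informatica's code): an outbound-only, server-authenticated TLS
client of the kind an on-premise agent uses to poll its cloud service on port 443.

Hostname, URL path and function names are assumptions; no real endpoint is contacted.
"""
import http.client
import ssl
from typing import Optional

CLOUD_HOST = "cloud.example.invalid"   # placeholder, not a real service address
CLOUD_PORT = 443                       # the outbound port the paper describes


def build_agent_tls_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Hardened client context: the agent authenticates the server (certificate chain and
    hostname) and refuses anything below TLS 1.2, which gives the channel confidentiality
    and integrity as well.  With ca_bundle=None the operating system trust store is used."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_context() -> ssl.SSLContext:
    """Anti-pattern for comparison: encryption without server authentication, which is
    exactly the gap a man-in-the-middle needs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """Start-up check an agent can run before opening any connection."""
    return bool(ctx.check_hostname
                and ctx.verify_mode == ssl.CERT_REQUIRED
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def poll_job_control(ctx: ssl.SSLContext, host: str = CLOUD_HOST, port: int = CLOUD_PORT,
                     path: str = "/agent/jobs") -> bytes:
    """One outbound poll over HTTPS.  The agent connects out on 443, so the corporate
    firewall needs no inbound rule.  Needs network access and a real host to complete."""
    if not context_is_hardened(ctx):
        raise RuntimeError("refusing to poll with an unauthenticated TLS context")
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=30)
    try:
        conn.request("GET", path, headers={"User-Agent": "example-agent/0.1"})
        return conn.getresponse().read()
    finally:
        conn.close()


if __name__ == "__main__":
    print("hardened context ok:", context_is_hardened(build_agent_tls_context()))
    print("weak context ok:", context_is_hardened(weak_context()))
```

The check in `poll_job_control` is the operationally useful part: an agent that silently falls back to an unverified context would still show "encrypted" traffic on the wire while having lost the authentication property the paper lists first.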

Cloud to Cloud Integration


As more and more enterprises adopt SaaS to run mission-critical applications, integration
between these services will be required. In this case, the Secure Agent will execute within
a virtual environment generated by Informatica Cloud. The virtual environment will “spin
up” the Secure Agent, which then downloads integration instructions (similar to the
on-premise version). The Secure Agent executes these instructions to read/write data
between cloud applications. Again, encryption safeguards in-transit data. And no data is
saved within the Secure Agent.

Summary
This report detailed how Informatica Cloud addresses cloud integration from a security
perspective. Cloud integration can be implemented in a variety of ways. Informatica Cloud
seeks to minimize the exposure of corporate data, allowing IT departments to have high
confidence that proprietary data will not be exposed on the Internet. At all levels of
the solution, from data center to data transmission, Informatica Cloud implements best
practices that achieve a secure integration experience. The Secure Agent connects directly
from source to target systems – customer data is never staged or stored in Informatica
Cloud. The operations manager provides both line-of-business and IT departments
with secure access to integration jobs. This access furnishes a flexible and controlled
environment to manage integration scenarios. Lastly, data is encrypted during transmission
and is resilient against Internet-based attacks. Data security ranks as one of the biggest
challenges when moving to the cloud. The need to integrate disparate systems is not
disappearing. So the savvy IT department needs to deploy a secure cloud integration
solution to meet today’s business challenges. Informatica delivers such a secure integration
solution.

About Informatica
Informatica Corporation (NASDAQ: INFA) is the world’s number one independent
provider of data integration software. Organizations around the world rely on Informatica
to gain a competitive advantage with timely, relevant and trustworthy data for their top
business imperatives. Worldwide, over 4,440 enterprises depend on Informatica for
data integration, data quality and big data solutions to access, integrate and trust their
information assets residing on-premise and in the Cloud. For more information, call +1
888 345 4639 in the U.S., or visit www.InformaticaCloud.com. Connect with Informatica
at http://www.facebook.com/InformaticaCorporation, http://www.linkedin.com/company/informatica
and http://twitter.com/InformaticaCorp.

About Mercury Consulting


Mercury (http://www.mercuryinthecloud.com/) is your trusted cloud technology advisor,
specializing in integration services. We make your adoption of cloud services easier
by bringing our deep expertise to design your cloud enterprise and provide unbiased
guidance on cloud vendors and their SaaS solutions.

Appendix – Service-Level Agreements and Audit Reports
Service-level agreements have become one of the important factors to consider when
evaluating cloud service providers. In some cases they can be rather toothless or not
provide much compensation in case of failure.

Informatica Cloud Audit Findings

Security Area of Review (Evaluation)

A1. Unvalidated Input (Meets; no exceptions were found)
Information from Web requests is not validated before being used by a Web application. Attackers can use these flaws to attack back-end components through a Web application.

A2. Broken Access Control (Meets; no exceptions were found)
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users’ accounts, view sensitive files, or use unauthorized functions.

A3. Broken Authentication and Session Management (Meets; no exceptions were found)
Account credentials and session tokens are not properly protected. Attackers who can compromise passwords, keys, sessions, cookies, or other tokens can defeat authentication restrictions and assume other users’ identities.

A4. Cross-Site Scripting (Meets; no exceptions were found)
The Web application can be used as a mechanism to transport an attack to an end user’s browser. A successful attack can disclose the end user’s session token, attack the local machine, or spoof content to fool the user.

A5. Buffer Overflow (Meets; no exceptions were found)
Web application components that do not properly validate input can be crashed and, in some cases, used to take control of a process. These components can include CGI, libraries, drivers, and Web application server components.

A6. Injection Flaws (Meets; no exceptions were found)
Web applications pass parameters when they access external/perimeter systems or the local operating system. If an attacker can embed malicious commands in these parameters, the external system may execute those commands on behalf of the Web application.

A7. Improper Error Handling (Meets; no exceptions were found)
Error conditions that occur during normal operation are not handled properly. If an attacker can cause errors to occur consistently, he or she can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

A8. Insecure Storage and Transport (Meets; no exceptions were found)
Web applications frequently use cryptographic functions to protect information and credentials. These functions and the code to integrate them are difficult to implement properly, frequently resulting in weak protection.

A9. Application Denial of Service (Meets; no exceptions were found)
Attackers can consume Web application resources to a point where other legitimate users can no longer access or use the application. Attackers can also lock users out of their accounts or even cause the entire application to fail.

A10. Insecure Configuration Management (Meets; no exceptions were found)
Having a strong server configuration standard is critical to a secure Web application. These servers have many configuration options that affect security and are not secure out of the box.

Vulnerability Description | Business Risk | Likelihood of Exploitation | Level of Expertise Required | Recommended Remediation
None | None | None | None | None

Informatica Cloud Customer Service and Support Details
Of course, there may come a time when the IT department needs to call for help from
its cloud integration provider. Just as in other outsourcing decisions, understanding
support parameters is key to success. Support can be measured in terms of availability,
response time, and escalation process. For example, the Informatica Cloud Help Desk is
available 12x5 for noncritical issues, and 24x7 for critical issues. The hours of operation for
noncritical issues are 6:00 a.m. to 6:00 p.m. Pacific Time, Monday through Friday, excluding
Informatica Cloud holidays. Informatica Cloud will respond within four hours for critical
incidents and one business day for noncritical. When Informatica Cloud becomes aware
of an outage, the impacted enterprises will be contacted. Likewise, when Informatica
Cloud needs assistance diagnosing on-premise connectivity, Informatica Cloud will need to
contact individuals at the enterprise site. For example, if an enterprise reports inability to
access the Informatica Cloud login page, yet Informatica Cloud can confirm that the login
page can be reached from other external sites on the Internet at large, Informatica Cloud
will communicate with the enterprise’s desktop and/or network administrators.

In case a problem is not resolved via level 1 help desk support, Informatica Cloud posts
the following escalation process (among others):
Severity-1: Production site is down.
  Impact: Customers lost connectivity to the Informatica Cloud production site, and no workaround is immediately available.
  Target Services Restoration: 30 minutes from initial alert/report
  Report to Internal Support/Web Site: Immediate
  Report to External Support/Trust Site: 10 minutes after service is restored

Timeframe | Internal Escalation | Customer Escalation
Immediate | Sales Engineering / Sales; Operations / Engineering contact | Global Customer Support; Customer Success Management
1 hour | VP of Engineering | VP of Customer Support
4 hours | General Manager of Informatica Cloud |

© 2011 Netspective Communications LLC 52304 (10/14/2011)
