The SnapLogic Elastic Integration Platform consists of the Integration Cloud, a multi-tenant cloud service for creating, managing and monitoring your integrations, and the Snaplex, the elastic execution grid for data processing that can run in the cloud, behind your firewall and/or natively in a Hadoop cluster. SnapLogic security is comprised of a combination of policy, procedure and technology spanning physical, network, infrastructure, platform and data, ensuring that your private and sensitive data is always protected. SnapLogic adheres to security best practices, runs regular internal security audits and maintains policies that span operations, data, passwords and credentials, facilities and networks, and connectivity. Additionally SnapLogic does not observe, store or interact directly with sensitive customer data.
Compliance with SnapLogic’s security policies are maintained through regular audits. All cloud services are SSAE 16 SOC 2 Type 1 certified. See the full list of SnapLogic security and compliance certifications.
Communication between the SnapLogic Integration Cloud, the control plane and the on-premises processing components (Groundplex), sometimes referred to as the data plane, is established via SSL encryption on port 443, the standard secure port used for secured HTTP traffic. Established links communicate using the standard “web sockets” protocol (RFC 6455) enabling the full range of control communication. Communication between the control plane and cloud-based processing components (Cloudplex) is over HTTPS.
The SnapLogic UX (Designer, Manager and Dashboard) communicate with the Groundplex over HTTPS secured communication from the browser.
Read the whitepaper: SnapLogic Elastic Integration Technical Whitepaper.
The SnapLogic Integration Cloud is a stateless engine, which means it does not store runtime or business-related data. Only customer metadata is stored in the SnapLogic Integration Cloud. Snaps leverage the endpoint security provided by whatever it is connected to (application, database, file, etc.) whether using a secure JDBC connection to a database or invoking a HTTPS-based REST or SOAP API as part of the integration pipeline. If the endpoint supports data encryption, Snaps can also be configured to send and receive encrypted data. Account credentials used to access endpoints from SnapLogic can also be encrypted using a private key/public model. The data is encrypted with a public key before it leaves the browser, then is decrypted with a private key on the Groundplex.
Learn more about SnapLogic Snaps.
The SnapLogic Integration Cloud server supports an authentication and privilege model that allows the administrator to grant, limit or restrict access to components and pipelines. The server applies access rules to all requests, and grants or denies access depending on the type of operation attempted by the user. Users who share a particular responsibility can be assigned to groups.
SnapLogic also supports Single Sign-On (SSO), allowing users to be authenticated via SAML-2 compliant Identity Providers, such as OpenAM or Okta. The authentication configuration can be modified to enhance the security configuration.
The SnapLogic Integration Cloud metadata and log files are hosted on the Amazon Web Service (AWS) cloud infrastructure – one of the most powerful, flexible and secure state-of-the-art cloud computing environments available today. 100% Amazon Web Services based, SnapLogic inherently leverages the security and compliance capabilities of AWS.
The multi-tenant SnapLogic Integration Cloud leverages the comprehensive security and certifications provided by AWS. In addition, SnapLogic applies its own security precautions for the Integration Cloud, including the latest security and resilience patches, and third-party security audits.
The SnapLogic Elastic Integration Platform has achieved certification from TRUSTe adhering to TRUSTe’s strict online privacy principles and protecting the privacy of personal information collected through our application.
In 2016, SnapLogic worked with A-LIGN.COM, a nationwide security and compliance solutions provider, to perform an in-depth audit of the control objectives and activities for SnapLogic iPaaS. SnapLogic is proud to announce that the control procedures for the SnapLogic Online iPaaS service has been verified in a SOC 2 Type II report.
The SOC 2 Type II report includes management’s assertion of SnapLogic’s systems and the auditor’s opinions on the fairness of descriptions, suitability of design, and operating effectiveness of the controls. While SnapLogic Online iPaaS service has always held itself to extremely high standards, the successful completion of this third-party audit provides SnapLogic customers assurances that appropriate controls and practices are in place and demonstrates SnapLogic’s ongoing commitment to providing customers a secure and reliable service.
This achievement is the newest addition to SnapLogic’s other certifications. Earlier, SnapLogic received compliance with the U.S.-EU and U.S.-Swiss Safe Harbor Framework regarding the collection, use and retention of personal data from the European Union member countries and Switzerland. SnapLogic customers can always get up-to-the-minute service status information and notifications by visiting our site trust.SnapLogic.com. Customers can automatically receive proactive notifications about scheduled and unscheduled outages. By maintaining transparency with our customers, we hope to not only demonstrate our outstanding service levels, but also ensure that all of our customers are consistently successful using our service.
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Boards (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
What is a service company / organization?
Service organizations are entities that provide outsourcing activities that are relevant to the control environments at user organizations. Examples of services organizations include application service providers.
ISAE 3402 is an extension and expansion of SAS 70 (the Statement on Auditing Standards No. 70) which defined the standards an auditor must employ in order to assess the contracted internal controls of a service organization.
The following is a summary of all security and compliance across the SnapLogic platform.
Security SnapLogic employs a defense in depth approach to security, utilizing best of breed solutions combined with sound, prudent and effective security practices which include:
Compliance SnapLogic maintains strong technology partnerships with vendors which comply with, or whose security and compliance programs align with some or all of the following: