Adeptia Connect provides a secure end-to-end encrypted environment for all the data that is transferred and exchanged between the companies and its partners. Adeptia has multiple features that are implemented right from the implementation until a the transaction is complete. This ensures that all the user data transacted through Adeptia is secured and does not move out. Following is the list of security features of Adeptia Connect.
- Certificates
- Data Encryption
- Logical Separation of Objects
- User Authentication
- Role-Based Security
- User Authorization
- Data Security
| Anchor | ||||
|---|---|---|---|---|
|
Certain Adeptia Connect Connectors use certificates in order to ensure security when while transmitting data across a communication protocol. Connectors such as FTPS, SFTP, HTTPS, and many others require the use of certificates in order to encrypt the data and channels and to verify the digital signature of the application sending the data. The Certificate Component can use an existing key obtained from a certificate authority such as VeriSign or a key generated by Adeptia.
On-Premise Installation in DMZ Environment
...
Encryption is the process of encoding the data in such a way that it can be read only by the authorized users. The purpose of encryption is to prevent third parties from recovering the original data. In an encryption process, the data (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the data is to be encoded. An adversary may be able to see the ciphertext but should not be able to decode the original data. An authorized party, however, is able to decode the ciphertext using a decryption algorithm which usually requires a secret decryption key. The adversaries do not have an access to this key. An encryption process usually needs a key-generation algorithm to randomly produce keys.
Adeptia enables you to apply encryption and decryption to the source and target files being transported via Adeptia Server. This enhances the security of the file being transported. To use encryption and decryption in Adeptia Suite, a new feature Data Security has been added in Adeptia Suite. You can now encrypt the source file to be sent and in a similar way, you can decrypt an encrypted file received via Adeptia Server.
...
- Application Security
- Data Security
- Infrastructure and Hosting Security
...
| Anchor | ||||
|---|---|---|---|---|
|
Adeptia Connect follows these guidelines to logically separate objects.
- One company's objects cannot be accessed by any other company
- Every object tagged with Company ID (Tenant ID)
- Data store schema design
- Code/logic enforces access by Company ID
- Encrypted Databases and Storage
| Anchor | ||||
|---|---|---|---|---|
|
Adeptia Connect follows these guidelines to provide secure authentication for user access.
- Admin users approve other users
- User Management console availableUsers are added through invitation only
- User monitoring by the admin
- Password policies
- Strong password enforced
- Password retries are limited
- Password expiry option available
- Users can be deactivated /paused before deleting
- Separate environments for separate departments to segment users
| Anchor | ||||
|---|---|---|---|---|
|
Adeptia Connect follows these guidelines to provide Role-Based Security.
- Admin – IT Users
- Manage access
- Monitor User activity
- User Control
- Governance
- Admin can give access to business users
- Admin controls what connectors are available
- Audit Trail
- Track who did what and when
- Object Locking
- Prevent changes to approved objects
| Anchor | ||||
|---|---|---|---|---|
|
Adeptia Connect follows these guidelines for User Authorization.
- Access to Shared Connections templates and transactions is only allowed to authorized customers or partners
- Systems Admin can track all those who are authorized
- Admin has the ability to grant and revoke access
Anchor Data_Security Data_Security
Data Security
| Data_Security | |
| Data_Security |
It is important to note that at no point during the Connection configuration or run-time process does , Adeptia Connect store the data. Adeptia Connect is engineered to optimize interoperability of applications and facilitate your integration processes without saving your data in our data center, unless specifically configured to do so. The logging history is deleted after the transaction is successfully completed.
There is no data stored on Adeptia and the local copy of the data is deleted automatically when the data transfer is completed. Even when a temporary local copy of business data is stored on the hard drive, Adeptia supports encryption-at-rest to ensure that data is encrypted.
On-Premise Data – Data that processes through an 'On Premise' Adeptia Secure Engine will never actually flow through cloud data center. The data is stored behind the firewall on a customer server where the Connection is executed and is transported directly to the Secure Engine configured behind your company's firewall.
Summary
Adeptia takes security very seriously and has gone to great lengths to ensure the integrity of customer data. Some of the important findings in the Security Assessment Report are:
- The application is architected to not to save a local copy of the customer data. If data does not exist, it cannot be compromised
- Customers may select to utilize dedicated servers for processing of their data, this ensures their data is at no time in the multi-tenant environment
- All web access to Adeptia Connect is through thru secure HTTPS connections
- All access to sources and targets is through thru secure SSL connections
- Adeptia Connect is architected to prevent attacks such as SQL injection, cross-site scripting, OWASP Top 10 risks and many others.
- Adeptia utilizes a third party, independent company to do regular penetration and security vulnerability assessment tests.