Automation Hero Security: Quick Overview
Authentication & Authorization
Automation Hero provides multiple options for authenticating and managing end users including, LDAP, Active Directory (AD) OAuth2 and SAML. Administrators can configure Automation Hero’s security to use their existing LDAP, Active Directory system or OAuth2 framework and SAML as the system of record for centralized management.
This includes user identity and credentials. End users can authenticate into Automation Hero using familiar credentials, which are checked against LDAP/AD/OAuth2/SAML on every login and they are identified as a member of group(s) just like in LDAP/AD including rested groups and multiple domains Access to Automation Hero is denied if the remote system no longer sanctions the end user to simplify Automation Hero administration and allow users to use common credentials for Automation Hero access.
All authentication history is captured and stored in dedicated logs to facilitate security audits. Automation Hero provides role-based access with delegation, reserving certain actions for administrators only. Artifacts remain under the control of the author until shared at the group level. This applies to data stores, sources, uploaded files, data flows, and sinks. Automation Hero supports connectivity to LDAPS (often called LDAP over SSL). LDAP communications between applications are not encrypted by default.
Custom roles allow IT to control which users can perform specific tasks within the Automation Hero application. The viewing, creation and execution of flows (such as ingest and analytics) are governed by role membership, as are performance of administrative functions and the scope of artifact sharing. Automation Hero maintains a “private folder” of data in distributed file systems or network attached storage. Access to raw and imported data and analyses results can be restricted by a user.
Encryption Al data is encrypted during transport and storage (at rest). Encryption strength and algorithms are customizable. To secure traffic between the end-user’s browser and the Automation Hero application server, Automation Hero supports the use of HTTPS (HTTP over SSL). This requires a simple configuration change to Automation Hero and for end-users to use the correct URL. All end user credentials, data store passwords and keys (SSH, EC2, etc.) maintained by Automation Hero are masked in the UI and encrypted in the Automation Hero metadata store.
- Pluggable encryption algorithms and strength
- Encryption of data from source to data flow
- Encryption of data from data flow to sink
- Encryption of any temporary written data (e.g. when data needs to be cached for a reduce-side join)
- Encryption key rotation (on request)
Automation Hero Security
As some implementations need to be optimized for security and some for performance, Automation Hero allows granular configurations of individual security capabilities, including: General Data Protection Regulation (GDPR) Compliance Automation Hero is GDPR-complaint based on the below measures and is configurable based on the customer’s policy.
- Encryption of all communication between the node if configured
- Https access for the web-based admin console
- Integration into authentication providers such as OAuth, OAuth2, LDAP, SAML or Microsoft Active Directory
- Audit and access logs
- Any company using Automation Hero and their respective customers have the right to access, or the right to obtain confirmation as to what purpose Automation Hero is processing their data
- Any company using Automation Hero and their respective customers can easily update their own personal information to keep it accurate
- Any company using Automation Hero and their respective customers have the right to request Automation Hero erase their data, cease its dissemination and have third parties discontinue processing their data
- Automation Hero maintains confidentiality through data encryption
- Automation Hero automatically deletes unused data (configurable)
- Automation Hero excludes opt-out customer data points (configurable)
- Data use is based on purpose limitation and data minimization