Security automation from the ground up.
With extensive experience in the financial services, telecommunication and government industries, we understand the complex security needs of a data platform to fulfill internal and regulatory requirements.
Authentication & Authorization
Automation Hero provides multiple options for authenticating and managing end users including, LDAP, Active Directory (AD), OAuth2 and SAML. Administrators can configure Automation Hero to use their existing LDAP, Active Directory system, OAuth2 framework and SAML as the system of record for centralized management. This includes user identity and credentials.
Automation Hero supports connectivity to LDAPS (often called LDAP over SSL). LDAP communications between applications are not encrypted by default.
Custom roles allow IT to control which users can perform specific tasks within the Automation Hero application. The viewing, creation and execution of flows (such as ingest and analytics) are governed by role membership, as are performance of administrative functions and the scope of artifact sharing.
Automation Hero maintains a “private folder” of data in distributed file systems or network attached storage. Access to raw and imported data and analyses results can be restricted by a user.
End users can authenticate into Automation Hero using familiar credentials, which are checked against LDAP/AD/OAuth2/SAML on every login and they are identified as a member of group(s) just like in LDAP/AD including rested groups and multiple domains. Access to Automation Hero is denied if the remote system no longer sanctions the end user to simplify Automation Hero administration and allow users to use common credentials for Automation Hero access. All authentication history is captured and stored in dedicated logs to facilitate security audits.
Automation Hero provides role-based access with delegation, reserving certain actions for administrators only. Artifacts remain under the control of the author until shared at the group level. This applies to data stores, sources, uploaded files, data flows, and sinks.
Al data is encrypted during transport and storage (at rest). Encryption strength and algorithms are customizable.
All end user credentials, data store passwords and keys (SSH, EC2, etc.) maintained by Automation Hero are masked in the UI and encrypted in the Automation Hero metadata store.
To secure traffic between the end-user’s browser and the Automation Hero application server, Automation Hero supports the use of HTTPS (HTTP over SSL). This requires a simple security automation configuration change to Automation Hero and for end-users to use the correct URL.
As some implementations need to be optimized for security and some for performance, Automation Hero allows granular configurations of individual security capabilities, including:
- Pluggable encryption algorithms and strength
- Https access for the web-based admin console
- Integration into authentication providers such as OAuth, OAuth2, LDAP, SAML or Microsoft Active Directory
- Audit and access logs
- Encryption key rotation (on request)
- Encryption of data from source to data flow
- Encryption of data from data flow to sink
- Encryption of any temporary written data (e.g. when data needs to be cached for a reduce-side join)
- Encryption of all communication between the node if configured
Ensuring Data Security Across the Automation Hero Platform
This document outlines and defines the security measures Automation Hero follows to maintain the safety and integrity of all data handled by our platform.
General Data Protection Regulation (GDPR) Compliance
Automation Hero is GDPR-complaint based on the below measures and is configurable based on the customer’s policy.
- Any company using Automation Hero and their respective customers have the right to access, or the right to obtain confirmation as to what purpose Automation Hero is processing their data
- Automation Hero maintains confidentiality through data encryption
- Automation Hero automatically deletes unused data (configurable)
- Automation Hero excludes opt-out customer data points (configurable)
- Data use is based on purpose limitation and data minimization
- Any company using Automation Hero and their respective customers can easily update their own personal information to keep it accurate
- Any company using Automation Hero and their respective customers have the right to request Automation Hero erase their data, cease its dissemination and have third parties discontinue processing their data