For any SaaS or cloud computing application, security is a multidimensional business concern that must be carefully scrutinized. At Boomi, we are keenly aware that our AtomSphere platform manages the integration of your most critical business information and business processes. We have engineered AtomSphere to address security at three distinct points: the network and facilities infrastructure, the application and platform layer, and the data level. This three-tiered security approach ensures that your data is never exposed to unauthorized parties, that it remains safe in transit between applications, and that you are able to access your data whenever and wherever you want.

It is important to note that at no point during the integration process does Boomi store data. AtomSphere is engineered to optimize interoperability of applications and facilitate your integration processes without saving your data in our data center – unless specifically configured to do so.

Network & Facilities Infrastructure Security

The Boomi infrastructure has been deemed SAS 70 Type II compliant as per the audit requirements of the American Institute of Certified Public Accountants. The configuration of the data center includes SAS 70 Type II attestation and Level 1 PCI DSS compliance, best-of-breed security (routers, firewalls, IDS and DDoS protection), redundant IP connections to world-class carriers terminated on our carrier-grade network, redundant UPS power, diesel generator backup, and HVAC facilities, and multipoint monitoring of key metrics with alerts for both mission-critical and ongoing maintenance issues.

Application & Platform Security

Atom Communication Security

The Boomi Atom has been carefully architected with your security in mind. Because the Atom can reside on your network or be hosted in our data center, it is important that there are extensive security measures in place in order to prevent any compromise of your data or the Atom. During deployment, the Atom and all of its contents are verified and authenticated by the Boomi data center before activation. Data is never sent to the AtomSphere data center unless explicitly configured by the user to do so.

The Atom communicates information to the Boomi AtomSphere in two modes: ongoing/automatic communications and user-initiated communications.

Automated Communication

The following information will be transmitted to the AtomSphere data center automatically by the Atom:

  • Online Status - the Atom will communicate on an ongoing basis with the AtomSphere data center to indicate its status. This ensures uptime of any deployed Atom, and the AtomSphere service will know in near real-time if the Atom goes offline for any reason.
  • Tracking Information - file name, directory, etc. of the files processed (if applicable) as well as success/failure counts, process executions, etc.
  • Integration Process Updates - the Atom will periodically check for and apply any updates to the configuration of the integration processes that have been made by the AtomSphere user.
  • Atom Updates - the Atom will periodically check for and apply any updates to the Atom code itself.

User Initiated Communications

The following information is transmitted by the Atom to the AtomSphere data center upon request by an authorized AtomSphere user:

  • Logging Information - information about the execution of a specific integration process: the total execution time, along with logging for each step of the process, and error messages that pertain to an execution failure if one occurred.
  • Error Details - a detailed error message explaining what the error was that caused a specific execution of an integration process to fail.
  • Connector browsing (for specific connectors) - when building processes, database schema information can be transmitted in order to define the field mapping rules. No actual data is transmitted, however, just the schema information.

On-Premise Data Communication Security

After the Atom is deployed behind the firewall, the Atom will continuously be in contact with the AtomSphere data center for 'tracking' and 'status' information. No inbound firewall ports need to be opened in order for the Atom to communicate with the data center as all communication is initiated by the Atom to the data center. The Atom will always initiate the connection and there is NEVER 'pushing' of data from the data center to the Atom. When the Atom initiates the connection to the data center, it will always authenticate the data center before sending data using an SSL handshake and will use the digital certificate that is automatically created during AtomSphere registration (see Password Encryption Security).

Data Communication Security Standards

To ensure the security of data in transit, Boomi AtomSphere makes use of the latest and most stringent data communication security standards. All communication from Atom to data center uses SSL 128 bit encryption. All outbound communication from Atom to data center is HTTPS, port 443. The Atom also uses a standard SSL handshake to authenticate with platform.boomi.com.
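The two sections above claim that the Atom only initiates connections and that its traffic to the data center is HTTPS on port 443. The following is an added example, not Boomi code, of how an administrator could check those claims against connection records from the Atom host; the record format, the sample lines and the function names are constructed for illustration.

```python
# Added example: audit connection records from an Atom host against the
# page's two claims (outbound-only; platform traffic on HTTPS port 443).
from collections import Counter

PLATFORM_HOST = "platform.boomi.com"  # named on the page
PLATFORM_PORT = 443                   # HTTPS, per the page

# Constructed sample in a hypothetical format:
# timestamp direction remote_host dest_port protocol
SAMPLE_LOG = """\
2024-01-10T08:00:01Z out platform.boomi.com 443 tcp
2024-01-10T08:00:07Z out sftp.partner.example 22 tcp
2024-01-10T08:01:01Z out platform.boomi.com 443 tcp
2024-01-10T08:02:13Z in 203.0.113.50 8443 tcp
2024-01-10T08:03:40Z out platform.boomi.com 80 tcp
malformed line
"""

def classify(line):
    """Return (verdict, reason) for one connection record."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("in", "out") or not parts[3].isdigit():
        return "unparsed", "record does not match the 5-field format"
    _, direction, host, port, proto = parts
    host = host.lower().rstrip(".")
    if direction == "in":
        return "violation", "inbound connection; only the Atom should initiate"
    if host == PLATFORM_HOST:
        if proto == "tcp" and int(port) == PLATFORM_PORT:
            return "platform", "expected Atom-to-data-center traffic"
        return "violation", "platform traffic not on TCP 443"
    # Connectors talk to applications directly, so this is not a violation.
    return "connector", "outbound to another host; compare with configured Connectors"

def audit(log_text):
    """Count verdicts and list (line_no, verdict, reason) needing attention."""
    counts, findings = Counter(), []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        verdict, reason = classify(line)
        counts[verdict] += 1
        if verdict in ("violation", "unparsed"):
            findings.append((line_no, verdict, reason))
    return counts, findings

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG)
    print(dict(counts))
    for finding in findings:
        print(finding)
```

Records that cannot be parsed are reported rather than skipped, so a change in log format does not silently hide an inbound connection.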

Password Encryption Security

The diagram below illustrates the password security method that is applied when a user registers for Boomi AtomSphere and how passwords are encrypted.

  • During Registration - When a user registers and activates their account, Boomi generates a private/public X.509 key pair (PKI). We store both the public cert and the private key in our secure data center.
  • During Build - When creating a Connector, users will be prompted to enter their password. The password is then encrypted and stored for the account. Only the account holder can decrypt it, using the password that unlocks the private key (the one that matches the public key used to encrypt the password).
  • Deployment - When you deploy an Atom, the entire encrypted string gets deployed to that Atom, and the credentials of your account supplied during Atom deployment will unlock the communication password at runtime.

Certificates

Certain AtomSphere application Connectors use certificates in order to ensure security when transmitting data across a communication protocol. Connectors such as FTPS, SFTP, HTTPS, AS2, and many others require the use of certificates in order to encrypt data and channels and to verify the digital signature of the person sending the data. The Certificate Component can use an existing key obtained from a certificate authority such as Verisign or Thawte or make use of a key generated by Boomi. Keys generated by Boomi are no less secure than purchased certificates.

Data Security

At no point during the integration process does AtomSphere retrieve, access or store your data. AtomSphere merely supports the necessary data mapping rules to effect interoperability and facilitate your integration processes. You configure and maintain the flow of data, with AtomSphere supporting the data mapping development, deployment, and management of such data.

On-Premise Data

Data that is processed through an 'On Premise' Atom will never actually flow through the AtomSphere data center. The data is stored behind the firewall on a customer server where the Atom is deployed and is transported directly to either the SaaS or 'On Premise' application through a Connector configured to the specific security requirements of the user. Only 'tracked' or 'status' data is sent to the data center when the user initiates a request from the data center to the Atom.

Hosted Data

For Atoms deployed in our data center, you will have all the security that our data center infrastructure provides in order to ensure that your data resides in a system that will keep it secure. These data centers provide the highest level of SaaS security available. This will ensure that all your data for your hosted Atoms is fully secure and only accessible by your account.