At Etlworks, our most important job is to keep your data safe along the way.
- Etlwork's servers are hosted in Amazon Web Services and Azure, which provides assurances for their physical and virtualized computing environments, including SOC 1, 2, and 3, and ISO/IEC 27001.
- Etlworks operates within Virtual Private Cloud (VPC), with subnets segregated by security level and firewalls configured to restrict network access.
- Etlworks regularly performs automated vulnerability scans and installs security updates and patches.
- Etlworks applications and environments are regularly audited by third-party security professionals conducting specialized penetration tests.
Perimeter security addresses security at the periphery of any private network, right where it connects to the public Internet. Firewalls and other elements of the perimeter protection infrastructure enforce access control policies that govern which information enters and leaves the network.
We install and configure the following elements of the perimeter protection infrastructure:
- System firewall
- Reverse proxy server
- Load balancer
Perimeter protection policies
- We use only SSL Connections.
- We open only port 443 for inbound traffic.
- We terminate SSL Connections on the last element of the perimeter protection infrastructure: the load balancer.
- For inbound and outbound emails, we use a trusted enterprise-level third-party service, with manually configured spam filters.
Authentication and Access Control
You must be authenticated to access any of the resources within the Etlworks Integrator, including but not limited to:
- Elements of the interface.
- Functions, such as the ability to create Flows and Connections, run Flows, etc.
- API endpoints.
We use JWT-based security, which is completely stateless and does not use sessions or cookies.
Two-factor authentication adds an extra layer of security on top of your username and password when logging into the Etlworks Integrator. It requires verification of the log in through a second linked device, such as Google Authenticator.
The Etlworks Integrator implements role-based access control (RBAC). In Role-Based Access Control, access decisions are based on an individual's roles and responsibilities within the user base.
In the Etlworks Integrator, each user can be assigned only one role.
The following roles are available:
- SuperAdmin: has unrestricted system access.
- Administrator: has full control over data; can create, edit, delete, execute Flows, Connections, and Formats and manage users.
- Editor: the same as Administrator, but cannot manage users.
- Operator: can view and run Flows/Schedules and view execution statistics.
- Viewer: can only view Flows, Schedules, and execution statistics.
- API User: a role for making authenticated calls to user-defined API endpoints (Listeners) that sees nothing in the system except their own API messages.
- Strong passwords are enforced.
- JWT tokens are short-lived and they automatically expire.
- The user registration is invitation-based. New users must complete the registration in the Etlworks Integrator after receiving an invite by email.
- It is required to have a real email address in order to sign up for the service or create a new user.
Etlworks classifies your data and credentials as our most critical assets. We strictly control access to data and credentials and require them to be encrypted using industry-standard methods both at rest and in transit within our environment.
Encryption during transmission
The Etlworks Integrator web application uses encrypted communication. HSTS is used to ensure browsers always encrypt all communication with the Etlworks Integrator.
The Etlworks Integrator offers secure options for making Connections to all data sources and destinations, including SSH tunneling, SSL/TLS, and IP whitelisting. In addition, the Etlworks Integrator exclusively uses HTTPS for all web-based data sources.
Encryption of credentials
In the Etlworks Integrator, all credentials, including JWT tokens, are encrypted using industry-standard methods by a strong encryption algorithm.
File encryption using PGP
Read more on how to encrypt files using the PGP algorithm.
Protection for the API endpoints
All API endpoints in the Etlworks Integrator, including the private ones, are protected by short-lived JWT tokens.
Logs and notifications
The Etlworks Integrator provides direct access to logs from data integration Flows for auditing and sends notifications to users when error conditions are encountered.
When you subscribe to our service, we ask you to enter contact information, such as a valid email address. We keep it in our database, which is completely isolated from the Internet.
When you place an order with us, we redirect you to our payment gateway provider, where you will continue entering sensitive/credit information over a secure SSL Connection.
We don't store credit card information on our servers.
Our data protection policy is very simple –– we don’t have access to your data at all unless you opt-in to store it on our servers.
Data protection policies
- We always encrypt credentials.
- We never send credentials to a web browser, so there is no way to view them anywhere in the Etlworks Integrator.
- Etlworks educates employees about their role in keeping customer data safe and mandates policies that protect your data.
- Etlworks monitors application, system, and data access logs within its production environment for anomalous behavior.
- Etlworks maintains documented policies and procedures for handling security incidents, including timely notifications to affected customers in case of a verified data breach.