This document is for all integrator.io customers, including Free Trial (30-day Free Trial for full use) and Free Edition (a single flow used free) users.
integrator.io is an iPaaS integration tool for integrating your data from one endpoint to another (typically two SaaS endpoints used for business). integrator.io doesn’t persistently store any processed data. Think of it as a pipeline of data traveling between endpoints. All in-process data is deleted on completion of the integration. These endpoints can be nearly anything that has an API, and Celigo has many prebuilt flows and templates to build upon. Your endpoint security is of paramount importance to keeping your data secure. Just as critical are the processes used to manage your integrations in integrator.io
Disclaimer: This information does not constitute legal, security, or compliance advice. Rather, it is intended to start the thought process for a secure and compliant integration implementation by you and your team. Establishing and maintaining appropriate measures to achieve a secure and compliant integration implementation is solely your responsibility. We encourage you to use best practices in doing so, including to discuss all such matters with your own legal, privacy, security, and compliance teams.
Celigo prioritizes the security of your data (both in motion, and for the short time it is at rest during processing). We do not persistently store any data we integrate for you. integrator.io encrypts data at all points throughout the integration process, with the caveat that you are responsible for selecting secure endpoints. For some sites, like NetSuite, those endpoints are always HTTPS and TLS 1.2 or better. Endpoint security cannot always be assumed. TLS 1.0 and 1.1 have been deprecated for security vulnerabilities, and security threats can jeopardize the safety of data traveling to or from unencrypted HTTP endpoints or encrypted HTTPS endpoints that use TLS less than 1.2. Celigo recommends always using HTTPS endpoints. While integrator.io will select the highest level of TLS available, it still requires due diligence on your part to ensure the endpoint meets your security requirements.
This document describes other aspects of managing your integrations that are also your responsibility:
- Account management
- Endpoint management
- Business continuity planning
- Security incidents or events
- Complementary user entity controls
You and your account owner and administrator(s) are responsible for establishing and terminating user accounts within integrator.io. You and your staff are responsible for keeping integrator.io user account credentials secure and managing user accounts.
Recommendations for account security
The first person to sign in to your instance of integrator.io becomes the account owner. Account owners have full permission to perform all possible actions in an account, and can transfer their ownership of the account to a different user if necessary.
You can assign administrator, manage, or monitor permissions to any user who accepts an invitation to access your instance of integrator.io. Both account owners and administrators can promote or demote other users as needed. See Manage account and integration permissions for all information related to user permissions.
integrator.io passwords must meet the following system-enforced requirements:
- at least one lowercase letter
- at least one uppercase letter
- at least one number
- at least 10 characters long
- should not match with the previous 20 passwords (when changing the password).
Note: integrator.io also has functions for users to reset forgotten passwords.
Multiple options exist for provisioning users of Celigo’s integrator.io products. Those options may all meet a customer’s security needs based on internal analysis. Celigo recommends the following approach as a best practice for your consideration.
- The account owner email address should ALWAYS be on the same domain as the company.
- Never use an email that is not under your full control as the account owner email. You should be able to activate, deactivate, and access the account owner’s email should the account owner leave the company.
- Use an email alias such as email@example.com for the account owner. Avoid using an email address that is bound to the name of the person acting as the account owner in your organization.
- Store the password for the account owner email in a secure location accessible by at least two people with disaster redundancy in mind. Examples could include:
- A secure password manager with credentials accessible by two users.
- Credentials printed and stored safely in two locations accessible by different users.
- A combination of both approaches.
Important: Do NOT use the account owner email for day-to-day access or administration of integrator.io.
Log in as the account owner initially, and assign at least one administrator using a named email address (firstname.lastname@example.org).
Note: The only reason to log in as the account owner would be to transfer account ownership to another email address, which is unlikely except for changes in corporate structure.
The designated administrator(s) will login in with their personal credentials and perform administrative functions. External vendors, consultants, or contractors should never be the owner of your account.
Do not use aliased user accounts such as email@example.com for anything but read-only purposes or the account owner login. integrator.io users are responsible for creating connections to endpoints, and ensuring that the credentials used by such connections have the appropriate level of privilege. Follow the principle of least privilege to ensure that connections have only enough access to perform the tasks required by the job.
Administrators have all the same permissions that an account owner has to modify user roles; but, an administrator cannot alter the permissions of an account owner or transfer ownership of the account to another user.
The administrator can invite other integrator.io users to their integration environment and configure their permissions to view or change integrator.io components.
Administrators can invite new users and assign or modify user permissions. (Administrators can also add new administrators.) Administrators can delete users from an account, change their own permissions, and delete themselves from an account.
Recommended user-permission model
Start with a secure and dedicated account owner email address that is not bound to a specific user’s name, then create one or more administrator accounts that can fulfill all other permission assignments for additional users.
As mentioned above, always use HTTPS. You are responsible for using secure encrypted HTTPS (SSL/TLS) connections for all of their interactions and connections made from one SaaS endpoint to another SaaS endpoint with integrator.io.
You are solely responsible for the rotation of your endpoint API access tokens or credentials. Where possible within your endpoint systems, create customized roles for the integration access used by integrator.io. These roles should provide the least-privileged access required to accomplish the integration objective. Concerns for efficiency may result in the usage of administrative roles for integration development, but these should be changed at go-live to less-privileged roles. The effort to design and test custom roles in the endpoint systems is solely your responsibility unless explicitly stated otherwise in a statement of work.
As with endpoint management, always encrypt by using SFTP or FTPS. These are available when you develop your integration, but it requires that your FTP endpoint supports Secure FTP (if possible, block insecure FTP at the endpoint site as well).
Data privacy and security is an increasingly prominent concern of customers, and Celigo takes it very seriously. The integrator.io environment and the general company management practices are annually audited for meeting requirements based on the trust services criteria relevant to Security and Availability (applicable trust services criteria) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria), and Celigo has the resulting SOC 2 Type 2 report available under NDA. We also perform annual Pen Testing, and Quarterly Vulnerability testing; and where needed remediation, and a Summary is available, again under NDA.
In addition, Celigo is GDPR, CCPA, HIPAA, and FERPA ready, and always processes data in line with GDPR CCPA, HIPAA and FERPA requirements; and have the following recommendations for some of these specifically – Celigo is not PCI-DSS certified; however:
- PCI-DSS – never integrate cardholder data unless it is first tokenized and has been approved by your PCI-DSS governance processes.
- GPDR – EU/UK residents are not protected without a Data Processing Agreement (DPA) in place. You can request a DPA by emailing firstname.lastname@example.org
- HIPAA – never integrate ePHI patient data unless a BAA has been executed between your company and Celigo.
Additionally, integrator.io only holds personally identifiable information (PII) from your connections and flows in the event that a connection is down. This data is written to an S3 bucket with AES-256 encryption, timestamped, and stored for 30 days from the timestamp. If the flow runs successfully within those 30 days the information is immediately deleted. If it has an error, the data is held for 30 days from the timestamp for you to perform error analysis and retry your flow. If you successfully resolve your flows within the 30-day timestamp, your PII is immediately deleted.
You should collect or integrate only the minimum personal data needed to accomplish your purpose, to comply with best practices for handling and using personal data. This practice should be designed in from the time you first collect the data, and subsequent processing of any kind should take the same approach: is the data absolutely necessary for the job at hand?
Endpoint security is your responsibility
You are responsible for any newly created endpoints or endpoints connecting with integrator.io. Some integrations may extract data from one source to populate resources at another new endpoint. This may be an ongoing process, and the new endpoint can be used for many diverse purposes. You are responsible for verifying the security of these endpoints. When developing integrations that use these endpoints, you take full responsibility for protecting your data with robust security and backups when stored in source and destination systems.
Data encryption and environmental security
Best practices include using the tools securely, and while we enforce the best available encryption end-to-end for integrator.io, connecting to a plain HTTP endpoint or using an HTTPS endpoint less than TLS 1.2 will compromise security for that leg of the integration Always verify the endpoint security for HTTPS and for TLS 1.2 or better.
Use full-disk encryption on the computing device used for managing integrations. Do not use Microsoft Internet Explorer as a browser because it has been deprecated as insecure. Keep all browsers used with integrator.io up-to-date with security updates.
You are responsible for backing up data within the SaaS endpoints that integrator.io is connecting with. integrator.io integrates data and never persistently stores any data nor backs it up to prevent data proliferation. Any backups are your responsibility, and that is generally done at one or more of the endpoints. Discuss backups with your BCP team.
Business continuity planning
While we have a resilient AWS production environment with an service-level agreement (SLA) of 99.95% uptime – with no planned down time - and have a documented and tested Business Continuity Plan (BCP), you are also responsible for developing your own Disaster Recovery and BCP that address any inability to access or utilize Celigo services.
Security incidents or events
You are responsible for notifying Celigo at email@example.com if you detect or suspect a security incident related to integrator.io or if you suspect any security weaknesses or gaps.
Complementary user entity controls
Implement the following user entity controls to provide additional assurance that the general security and the Trust Services Criteria requirements described within this report are met. Your security auditors should review and select the appropriate complementary user entity controls according to your organization's needs.
- You are responsible for understanding and complying with your contractual obligations to Celigo.
- You should maintain formal policies that provide guidance for information security and data classification within your organization and the supporting IT environment.
- You are responsible for using secure encrypted HTTPS (TLS/SSL) connections for all interactions and connections made from one SaaS to another SaaS with Integration Apps or integrator.io.
- You are responsible for the establishment and termination of user accounts within integrator.io.
- You are responsible for keeping your user account credentials secure for integrator.io.
- You are responsible for ensuring the supervision, management, and control of the use of Celigo services by your personnel.
- You are responsible for reviewing notifications from Celigo about changes to Integration Apps or integrator.io.
- You are responsible for any resources created with integrator.io.
- You are responsible for backing up data within your SaaS endpoints, Integration Apps, or integrator.io is connecting to.
- You are responsible for developing your own disaster recovery and business continuity plans that address the inability to access or utilize Celigo services.
- You are responsible for notifying Celigo if you detect or suspect a security incident related to Integration Apps or integrator.io.
- You are responsible for using secure FTP (SFTP, FTPS) for all of your FTP transfers made from one SaaS to another SaaS with Integration Apps or integrator.io.
Please sign in to leave a comment.