Like a physical pipeline, an ETL pipeline is simple in concept but nuanced in execution. It takes a lot of operations to get records from a data source, which might be a SaaS application or a local database, to their destination in a data warehouse or data lake. The more moving pieces that are involved, the greater the risk of failure. And the worst kind of failure isn’t having data fail to get to where it’s supposed to go (though that’s pretty bad). The worst case is a security issue that exposes the data to bad actors who’d like to profit from access to sensitive, confidential information.
We’ve written a white paper that talks about how Fivetran keeps your data secure. Here, we’ll walk through the possible pitfalls and talk about how you can ensure data pipeline security.
Security Starts Where Data Lives
Though the data pipeline itself is virtual, ETL security starts with the physical. The data centers in which Fivetran’s cloud instances run have to be inaccessible to anyone without authorization. Access is monitored continuously, and all visits to physical infrastructure are logged. All operating systems and containers are hardened and patched.
To meet regulatory or data residency requirements, Fivetran gives customers the choice of where their data is processed and the hosting provider to use. All data that Fivetran handles is processed on Google Cloud Platform (GCP) or Amazon Web Services (AWS), and later in 2021 we will also support Microsoft Azure. Physical security is handled entirely by those providers, who provide an extensive list of compliance and regulatory assurances, including SOC, PCI DSS, and ISO/IEC 27001.
Of course, that data isn’t useful to Fivetran customers unless they can access it, which means it has to be available over the internet. A web application firewall (WAF) protects the Fivetran web portal; it lets us validate, filter, and monitor HTTPS traffic to Fivetran’s web application dashboard, where customers configure their data syncs. The service enforces TLS 1.2+ on external connections. We have designed our platform to isolate the data syncs from the front-end web application. No data synced through the Fivetran service is shown to end users of the dashboard; only configuration settings and status/error logs are displayed in the application.
Once you put all the security pieces in place, you have to keep an eye on them. Responsible service providers use network-based intrusion prevention systems (IPS) to protect against attacks, and intrusion detection systems (IDS) to uncover unusual activity. They’re part of a larger security information and event management system (SIEM) that monitors system status and performance and detects rogue processes.
Fivetran is no exception. We use an anomaly-based security monitoring system that continuously collects cloud configuration and audit events; host-level system, process, and network information; and container image vulnerabilities to establish a baseline of normal expected behavior. If we encounter unexpected behavior, we alert our SecOps team.
We engage a third-party security service to perform external penetration tests. We also have a responsible disclosure program to allow security researchers to inform us of noteworthy and actionable vulnerabilities.
Keeping Code Secure
Security flaws can also creep in through code. We take particular care to authenticate anyone who could access Fivetran code. Developers and customer support employees must authenticate via a company-wide single sign-on provider that enforces multi-factor authentication (MFA), strong passwords, and the use of company-managed laptops.
We use multiple commercial third-party vulnerability scanning tools to check our code and infrastructure for vulnerabilities, and we do dynamic application security testing (DAST) to spot web application vulnerabilities. We also monitor for vulnerabilities in the tools we use, such as open source libraries, to ensure that our software is patched promptly in the event that security flaws are discovered in them.
All of these measures are helpful, but are they enough? We don’t want you to just take our word that we’re doing everything we can to avoid data pipeline security issues, so we maintain compliance with several industry security standards.
ISO/IEC 27001 is an internationally recognized information security management standard and code of practice based on security best practices.
We undergo an annual, independent SOC 2 Type 2 audit, and we make the audit report available upon request to existing and prospective customers.
Fivetran is PCI DSS Level 1 validated, meaning we comply with the highest and most stringent of the PCI DSS certifications. Customers can connect Fivetran to systems within their cardholder data environment (CDE) whether they sync payment card data through Fivetran or not.
And, as a data subprocessor, we adhere to the principles of EU 94/95 privacy rules, the US/EU Privacy Shield program, and GDPR rules when they apply. We also comply with HIPAA requirements for protected health information (PHI), and will sign a business associate agreement (BAA) with customers who are subject to HIPAA mandates.
Incident Response Planning
What if, despite all our precautions, something goes wrong and data is put at risk? Fivetran follows an incident response program to ensure that we have the policies, procedures, training, and support to effectively respond to security incidents. Our reporting and disclosure policies meet or exceed the legal requirements in every jurisdiction where we have infrastructure. And we carry industry-standard cybersecurity liability insurance.
The tl;dr: You can be comfortable that Fivetran is taking all the precautions with your data that you would think of if you were managing it all in-house. We have a dedicated team that does nothing but consider and work on ETL security and related security issues. Bottom line: Your data is safe with us.
Read about the Fivetran Security Framework in detail here.