Security Controls Overview
Autonomous Identity uses a number of security protocols as summarized below.
Encryption: External Data in Transit
All data in transit from Autonomous Identity to the outside world is encrypted.
SSL certificates must be configured with the load balancer. Autonomous Identity configures self-signed certificates used by Nginx. Customers can also use their own certificates during deployment.
Encryption: Internal Data in Transit
Within the Autonomous Identity secure server network, most, but not all, data in transit between the Autonomous Identity services is encrypted. The exception is any non-encrypted communication between Autonomous Identity servers, which you can protect with network firewalls.
It is also recommended to disable access on network and firewall ports for services like Spark that are meant for internal access only. The rest of the services are SSL/TLS-protected, including all Nginx-protected services and the Mongo, Cassandra, and Elasticsearch nodes.
Encryption: Data at Rest
MongoDB is not encrypted natively in Autonomous Identity, but can be encrypted via third-party disk encryption or using the MongoDB enterprise version. If encryption at rest is required, please confirm with the MongoDB vendors how this is handled in existing MongoDB clusters.
Likewise, Cassandra is not natively encrypted, but encryption can be supported through its enterprise versions.
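One way to verify the internal data-in-transit controls described above on your own deployment, as an added example that is not part of the Autonomous Identity documentation or tooling. The port numbers are assumed upstream defaults for each service, not values from this page, and `probe` and `audit` are hypothetical helper names.

```python
import socket
import ssl
import sys

# Assumed default ports (the page names the services, not their ports).
# "tls" = must complete a TLS handshake; "closed" = must be unreachable
# from where this script runs (for Spark: outside the secure server network).
EXPECTED = {
    "mongodb": (27017, "tls"),
    "cassandra": (9042, "tls"),
    "elasticsearch": (9200, "tls"),
    "spark-master": (7077, "closed"),
    "spark-ui": (8080, "closed"),
}

def probe(host, port, timeout=3.0):
    """Classify host:port as 'closed', 'tls' or 'plaintext'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, filtered by a firewall, or timed out
        return "closed"
    # Certificates may be self-signed, so only test that TLS is spoken;
    # certificate validation is deliberately out of scope for this check.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except ssl.SSLError as err:
        # A TLS alert (e.g. client certificate required) still proves TLS.
        reason = getattr(err, "reason", None) or ""
        return "tls" if "ALERT" in reason else "plaintext"
    except OSError:  # peer reset or stayed silent: not a TLS endpoint
        return "plaintext"

def audit(host, expected=EXPECTED, timeout=3.0):
    """Return (service, port, expected, observed) for every mismatch."""
    findings = []
    for service, (port, want) in expected.items():
        got = probe(host, port, timeout)
        if got != want:
            findings.append((service, port, want, got))
    return findings

if __name__ == "__main__":
    for finding in audit(sys.argv[1]):
        print("MISMATCH service=%s port=%d expected=%s observed=%s" % finding)
```

Run it against each server from a host outside the secure server network; an empty result means every listed port matched the expected state from that vantage point.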
Autonomous Identity uses various authentication methods within its systems, such as the following: