Security
Measures Orchestra undertakes to keep your operations secure
Orchestra has access to underlying data applications but not to the underlying data itself. Orchestra only collects and stores metadata from data tools / integrations and never directly interacts with underlying data that exists in a data lake or data warehouse.
We take security extremely seriously and, to that end, have the following measures in place to ensure the service is not compromised:
All connections use TLS 1.3 with HTTPS
Infrastructure runs in a private subnet with a reverse proxy
SSO sign-in via Google is supported (more can be added if required; just let us know)
All common web security practices (CORS, CSP, HSTS, etc.) are implemented
Orchestra validates all user input to protect against common attacks like SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF)
All logs are stored for 90 days, and actively monitored for suspicious activity
Integration Credentials
Storing integration credentials in a secure and controlled way is an important aspect of the app. We store credentials encrypted at rest. When a secret is needed, we decrypt it only just before it is used. The decryption key is only accessible to the resources that require it.
Whitelist IPs
Sometimes it is necessary to orchestrate tasks for integrations behind a firewall. For Orchestra to communicate with those resources, you need to add the Orchestra platform IP addresses to your whitelist of allowed IPs. The IPs Orchestra currently uses are: