Security

Zuar Runner is an extremely flexible and extensible platform with varied security use cases. The overall security standards of Zuar Runner depend upon the choices users make.

In every case, there is a secure option available for the user if they choose to use it.

The baseline security infrastructure for Zuar-hosted Zuar Runner is 2FA consisting of:

  1. Individual IP allow list - Only designated IPs may log in to a particular customer tenant.

  2. Basic authentication - Standard usernames and passwords are enforced by the Zuar Web Application Firewall.

Network Security

Because the security of your data is critical, we prioritize the development and maintenance of a secure, trusted platform. We are committed to industry-standard security best practices, policies, and procedures to protect your data.

Zuar Runner is available via two hosting options:

  • Zuar-hosted: Zuar hosts and maintains the Zuar Runner instance; the customer does not need to provide any hardware

  • Customer-hosted: Zuar Runner resides on a customer server

Zuar-hosted Zuar Runner

Zuar hosts Zuar Runner for customers in either AWS or Digital Ocean. Zuar Runner therefore benefits from the security of each of these cloud platforms:

Multi-factor Authentication

Zuar enforces two-factor authentication (2FA) for Zuar-hosted Zuar Runner as follows:

  1. Network access is controlled through an IP address allow list. Only specific, pre-defined addresses can access the Zuar Runner administration interface or internal PostgreSQL database.

  2. Zuar Runner administration and database authentication require separate usernames and passwords, along with the above pre-authorized network access.

Customer-hosted Zuar Runner

Zuar Runner can be deployed in accordance with your security requirements when hosting it within your IT infrastructure.

SSL Encryption

In both hosting scenarios, Secure Sockets Layer (SSL) encryption is used to protect all web traffic between clients and the Zuar Runner instance.

Authentication

Zuar Runner Admin Interface

Zuar Runner’s admin interface supports basic authentication (username and password). Zuar Runner includes a Zuar Web Application Firewall (WAF) and therefore can support other authentication mechanisms if needed. Following OWASP security best practices, Zuar Runner uses a one-way hash of the password, making it impossible to recover the clear-text password.

Database Authentication

Zuar Runner’s internal PostgreSQL database supports the authentication methods of Postgres. The standard is username and password. Users have admin access to Zuar Runner’s internal PostgreSQL database and can set up any database security requirements they need.

Zuar Runner’s API Authentication

Zuar Runner’s API uses a revocable API key for access.

Data Security

How is data transmitted to and through Zuar Runner?

Zuar Runner is able to pipe data from external APIs, databases, and flat files.

  • APIs: REST- or SOAP-based APIs are the most common, and they use standard SSL encryption for traffic (e.g. Salesforce, Netsuite, etc.)

  • Databases: When Zuar Runner pipes data from or to an external database, Zuar Runner leverages the security of the driver provided by the database vendor. Zuar Runner can be configured to use SSL if the external database supports it.

  • Flat Files: Flat files can be transferred to Zuar Runner in any number of ways (via HTTPS in the UI, via FTP/sFTP, rclone, etc.).

Contact Zuar for plugin-specific questions.

How is data stored in Zuar Runner?

Data is stored internally in one of two cases:

  1. For all Zuar Runner deployments, named credentials are encrypted at rest.

  2. For self-hosted deployments, customers can deploy Zuar Runner where all data is encrypted at rest.