Jitterbit Security and Architecture White Paper¶

Overview¶

Jitterbit delivers powerful integration tools and services through a multi-tenant cloud integration platform called Harmony.

While Harmony can drastically simplify and speed up most aspects of managing integration processes, the introduction of a multi-tenant cloud system can raise security questions for customers and users.

Harmony manages information security by applying an information security framework (hybrid model) based on NIST, CIS, CSA, and CERT recommendations. Jitterbit has also been certified to meet the requirements of:

• Health Insurance Portability and Accountability Act (HIPAA)
• SOC 1, SOC 2, and SOC 3 Type 1 and Type 2 compliance
• ISO 27001:2013 with supplemental controls for 27017
• California Consumer Privacy Act (CCPA)
• European Union - General Data Protection Regulation (GDPR)

Security and Architecture¶

The pages in this topic describes the following aspects of security provided by the Harmony platform:

• Logical Security and Architecture
  Logical security is comprised of all the security measures taken within the Harmony software. These include the system architecture; major components; Harmony users, organizations, and roles; Harmony environments and access control; Harmony data storage; and Harmony security topologies.

• Physical Security
  Physical security involves the hosting of Harmony on AWS cloud infrastructure. AWS provides a platform that addresses Harmony’s scalability and availability and many of its security requirements. This section describes infrastructure compliance; physical and environmental security; business continuity management; high availability and fault tolerance; network security; secure design principles; change management; Amazon EC2 security; load balancing security; data storage; and data durability and reliability.

• Organizational Security
  Organizational security covers operational best practices of leading cloud-computing providers around the world. This includes confidentiality; the personnel policy; the Jitterbit Operations, Engineering, and QA teams; the Harmony Trust site; identity and access management; patch management and high availability; and capacity management.

This document takes a broad view of security and covers things to consider from the perspective of availability and performance, in addition to data protection.