Boomi Security and Compliance

Security and GDPR

Boomi Security Standards

Boomi complies with all standards and regulations that help to protect data across all parties, giving customers peace of mind in their governance, risk and compliance.

Security Overview

The Boomi AtomSphere integration platform as a service (iPaaS) supports all your application integration processes between cloud platforms, software-as-a-service applications, and on-premise systems. Your entire team has online access to a powerful range of integration and data management capabilities that can be realized in a fraction of the time of legacy middleware technologies.

Network and Facilities Infrastructure Security

Application and Platform Security

The Boomi Atom resides on your network, in our data center on premises or in the cloud, hosted by Dell Boomi or a third party. During deployment, the data center verifies and authenticates the Atom and all of its contents before activation. An Atom never sends data to the AtomSphere platform data center unless explicitly configured by the user. The Atom communicates information to Boomi AtomSphere in two modes: automatic and user-initiated.

Automated Communication

The Boomi Atom automatically transmits the following information to the AtomSphere data center:

Online Status: The AtomSphere service knows in near real-time if the Atom goes offline.

Tracking Information: The Atom communicates file name and directory of the files processed as well as success/failure counts and process executions.

Integration Process Updates: The Atom periodically checks for and applies updates to integration process configurations made by the AtomSphere user.

Atom Updates: The Atom periodically checks for and applies updates to the Atom code.

User-Initiated Communications

If requested by an authorized AtomSphere user, the Atom communicates the following to the AtomSphere data center:

Logging Information – information about the execution of an integration process, including total execution time, logging for each step of the process and execution-failure error messages.

Error Details – a detailed error message explaining what error caused the failed execution of an integration process.

Connector Browsing – when building processes for specific connectors, database schema information can be transmitted to define field mapping rules. No actual data is transmitted.

On-Premise Data Communication Security

No inbound firewall ports need to be open for the Atom to communicate with the data center. The Atom always initiates the connection; the data center never pushes data to the Atom. When the Atom initiates a connection, it uses an SSL handshake to authenticate the data center before transmitting data. The Atom uses the digital certificate automatically created during AtomSphere registration (see Password Encryption Security below).

Data Communication Security Standards

All communication from an Atom to the data center uses SSL 256-bit encryption and occurs via HTTPS, port 443.

Password Encryption Security

The diagram to the right illustrates the password security method that applies when a user registers for Boomi AtomSphere and how passwords are encrypted.

During Registration

When a user registers and activates an account, Boomi generates a private/public X.509 key pair. We store the public certificate and the private key in our secure data center.

During Build

When creating a connector, Boomi prompts users to enter their password. The password is encrypted and stored for the account. Only the account holder can decrypt the password that unlocks the private key matching the public key used to encrypt the password.

Deployment

When you deploy an Atom, the entire encrypted string is deployed to that Atom, and the account credentials you supply during Atom deployment unlock the communication password at runtime.

Certificates

Certain AtomSphere application connectors use certificates to guarantee security when transmitting data. Connectors such as FTPS, SFTP, HTTPS, AS2 and many others require certificates to encrypt data and channels, and to verify the digital signature of the person sending data. The certificate component can use a key obtained from a certificate authority such as Verisign or Thawte, or make use of a key generated by Boomi. Keys generated by Boomi are just as secure as purchased certificates.

Hosted Data

Atoms deployed in our data center have all the security that our data center infrastructure provides: the highest level of SaaS security available.

Data Security

AtomSphere does not retrieve, access or store your application data at any point during the integration process. AtomSphere supports data mapping rules that enable interoperability and facilitate your integration processes. You configure and maintain the data flow. AtomSphere supports data mapping development, deployment and data management.

On-Premise Data

Application data processed through an on-premise Atom never flows through the AtomSphere data center. The data resides behind the customer’s firewall on the server that contains the Atom. Data travels directly to the SaaS or on-premise application through a connector configured to the security requirements of the customer.

 

Global Data Protection Regulations (GDPR)

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) law comes into effect. GDPR protects European Union data subjects’ fundamental right to privacy and the protection of personal data.

GDPR applies to any company (whether a controller* or a processor*) established in the European Union (“EU”) that processes personal data, regardless of whether the processing actually takes place in the EU or not. More significantly, the GDPR also applies to companies that are NOT established in the EU if they process the personal data of EU-based individuals for the purpose of:

(a) Offering them goods or services.

(b) Monitoring their behavior within the EU (e.g. social media, online tracking, data analytics).

This law will apply to any organization that meets the above criteria, irrespective of where it is located.

Dell Boomi’s Commitment to Data Protection and GDPR Compliance

Dell Boomi, one of the Dell group of companies, closely partners with Dell’s Global Privacy Office to help customers located around the world with their GDPR compliance readiness journey.
