A holistic approach to security
Securing customer data is part of our core strategy and values. We built our cloud from the ground up, keeping security as a primary design principle. Our product development incorporates Informatica’s Secure Development Lifecycle to ensure that we eliminate security defects while we develop our products.
Informatica Intelligent Cloud Services (IICS) uses industry approved and commonly used algorithms to encrypt all sensitive information. All customer data is encrypted at rest using an AES-256 key. Data in transit is encrypted using TLS-1.2 or greater protocol.
IICS is a multi-tenant environment, which hosts customer instances in a dedicated “private” environment using the public cloud. Our multi-tenant architecture ensures that each customer’s data is segregated from all other tenants and is only exposed to authorized users. This means that there is no commingling of customer data. You can check the production status of all publicly hosted Informatica cloud products, including planned maintenance schedules and other updates, at status.informatica.com.
Informatica continuously improves the security of IICS by releasing new, security-focused features. As a customer, you benefit from our support of application security, malware protection, network security, system configuration, identity and access management (IAM), security response, and data protection.
Please contact your account rep for a copy of the Informatica Intelligent Cloud Services Security Overview Brochure.
Informatica’s cloud security program
We are committed to continuously earning your trust; that’s why we comply with key standards and regulations in your industries. The Informatica cloud security program is designed to protect you and us from cyber threats, enabling you to take smart risks while maintaining a safe and compliant environment. We start with policies that provide a baseline for us to define standards and to define how we securely operate our cloud infrastructure at scale. We perform continuous audits to ensure that our environment is compliant with applicable standards and regulations.
At Informatica, security is everyone’s responsibility
Our global security team is comprised of the following functions:
Office of the CISO
Governance Risk & Compliance
Cloud Security Architects
Cloud Security Engineers
Security Operations Center
All Informatica personnel supporting IICS go through periodic background checks. Before being granted access, Informatica personnel complete mandatory security training. Annual security training ensures that all employees are made aware of the evolving threat landscape and are prepared. Annual privacy training helps employees understand obligations under applicable laws and regulations including the GDPR. IICS R&D follows a secure software development lifecycle process to help ensure that the service effectively protects customer data. Informatica also invests heavily in providing incident response training to employees to ensure that we act swiftly and responsibly in the event of a data breach.
Informatica is committed to working with the security researcher community to improve the security of our products and services. Our Responsible Disclosure Program facilitates responsible reporting of potential vulnerabilities so we can respond swiftly and appropriately.
Certifications, assessments, and standards
Consistent with our cloud principles, we hold ourselves accountable to a higher standard. Informatica will provide executive summary of independent third-party penetration test reports.
We continuously add to our list of externally validated certifications, assessments, and standards to keep your data safe, and to ensure we remain a best-in-class cloud service provider.
|INFORMATICA||AWS||AZURE||GCP||SALESFORCE||VENDOR A||VENDOR B||VENDOR C||VENDOR D||VENDOR E||VENDOR F||VENDOR G||VENDOR H|
As a global leader in Enterprise Cloud Data Management, Informatica takes privacy seriously. We design products and services and conduct business with appropriate administrative, technical and organizational measures to protect personal data, and we regularly evaluate the effectiveness of those measures.
Law Enforcement Requests and Informatica’s Transparency Report – July 1, 2022
This document explains how Informatica responds to governmental requests for data we process on behalf of our customers.
History of Requests:
From January 1, 2017 through the date of publication of this document, Informatica did not receive any search warrants, subpoenas, or national security requests (such as national security letters or Foreign Intelligence Surveillance Act orders) for customer data or metadata.
Encryption of customer data:
All products on Informatica’s Informatica Intelligent Cloud Services platform hosted on Microsoft Azure, Amazon Web Services, or Google Cloud Platform, including Cloud Data Integration, Master Data Management (MDM) Cloud, and Data Quality and Governance Cloud, and single-tenant hosted MDM and Product 360, encrypt all customer data and customer-specific metadata in motion (even traffic within a pod) and at rest (at both file and database level). Encryption is continuous from transit out of the customer’s network, within Informatica’s cloud components, and through to delivery to the destination. Encryption in motion uses TLS v1.2 or greater, and encryption at rest uses AES-256. This encryption creates a practical impediment to surveillance of customer data without awareness of Informatica or our customer.
Our response process relies on four principles:
Notice. Informatica notifies the customer whose data or metadata is the subject of the request, except where prohibited by law. Informatica gives this notification promptly and in advance of fulfilling the request except where prohibited by law or in the case of a bona fide emergency.
Validity. Informatica analyzes each request to determine its validity, including the substance of the request and the jurisdictional authority of the government entity, regulator, or law enforcement agency issuing the request.
Challenge. If Informatica concludes that the request itself or an order to delay notice of the request may not be valid, Informatica challenges that request or order .
Limitation. Informatica provides customer data or metadata in response to the request only if required by law. Informatica construes each request narrowly and discloses only the information required.
If you have questions about this Transparency Report, please contact firstname.lastname@example.org.