Security Overview for PubSub+ Cloud
PubSub+ Cloud is secure by default. PubSub+ Cloud has enterprise-grade security built into every level of the platform to ensure that your event-driven architecture and its data remains secure.
This overview is specific for the PubSub+ Cloud platform and Solace utilizes many of the best practices and recommendations that are described in the general PubSub+ event broker Security documentation found in Security Overview.
Certain deployment operations must be performed by Solace, whereas others may be performed by the customer. In addition, different deployment options refer to infrastructure or other resources belonging to Solace and/or the customer. To prevent confusion, we sometimes explicitly use the terms "Solace" and "the customer" in discussions of infrastructure and installation procedures.
The following is an overview of the PubSub+ Cloud security:
- Secure Cloud Architecture
- PubSub+ Cloud is designed to be performant, reliable, scalable, and most importantly – secure. When you use PubSub+ Cloud, you can choose to deploy your services in a Solace-controlled, shared region, Solace-controlled, customer-dedicated region, or customer-controlled region.
- With a Solace-controlled region, you can choose to deploy your customer-dedicated event broker services (non-shared) in a shared region. Applications connect via the public Internet.
- With a Solace-control, customer dedicated region, event broker services are deployed in a region that's dedicated to a customer. This is best for environments that require isolated infrastructure and applications connect from a private network rather than over the public Internet, you can deploy to a Solace-control, customer dedicated region.
- With a customer-controlled region, you can deploy to a Kubernetes in a region that you control. You tune and control all aspects of infrastructure and Kubernetes cluster.
- For more information, see Summary of Security Architecture for Deployment Environments.
- The deployment option chosen dictates the security aspects that are managed by Solace or managed by the customer. In terms of security responsibilities, your responsibilities increase as you move from Solace-controlled, shared region to Solace-controlled, customer-dedicated region to customer-controlled region. For an overview security responsibilities for the customer as compared to Solace, see Customer Roles and Responsibilities for Security.
- VPC/VNet Isolation
- You can deploy your event broker services in a Kubernetes cluster within an isolated Virtual Private Cloud or Virtual Network (VPC/VNet). This isolated VPC/VNet gives additional security when you:
- may not want the event broker services to be accessible from the public Internet
- need the event broker service in an isolated environment (i.e., you don't want your event broker services in a multi-tenant environment - or shared public infrastructure)
- have data sovereignty requirements (e.g., you require a kept in VPC/VNet in a particular region of the world)
- For more information about how event broker services are deployed in an isolated VPC/VNet, see VPC/VNet Isolation.
- Authentication and Authorization of Client Applications
- You have well-defined, granular control to how client applications authenticate and are authorized to access event broker services and perform management operations. There are two types of client applications:
messaging applications that connect to event broker services to exchange data and events (e.g., publish/subscribe) in PubSub+ Cloud
- custom management applications that manage and monitor event broker services. These applications are useful for automating the management of event broker services (configuration, monitoring, etc.) that are common for continuous integration and development (CI/CD) workflows.
- For more information, see Client Application Connectivity and Security.
- Authentication and Authorization of Users in the PubSub+ Cloud Console
- Users must be authenticated and authorized to create event broker services, monitor event broker services, and design an event-driven architecture. The PubSub+ Cloud's account and user management system allows you to efficiently manage user accounts and assign permissions that allows users to access the different categories of services in the PubSub+ Cloud Console. PubSub+ Cloud can be integrated a OpenID Connected based central identity management system to make it easier to manage users and provide Single Sign-On (SSO). There is support for Azure Active Directory, Okta, PingOne, and Auth0.
- For more information about authentication and authorization of users in PubSub+ Cloud, see Authentication and Authorization to PubSub+ Cloud.
- Customer Data Protection
- Customer data is always protected in PubSub+ Cloud. The PubSub+ Cloud architecture logically splits the data into a control plane and a messaging plane. The control plane transports data related to management and monitoring, while the messaging plane transports the messaging data between the event broker services and customer applications.
- These distinct planes are highly secure and the transport of data is encrypted both in transit and at rest (AES-256 and TLS 1.2) . The different types of data are important in the security architecture for these reasons:
- it clearly lets you have better control of the data – for instance, you can keep all the messaging data within an isolated VPC/VNet for customer-controlled environments
- improved reliability and security – impact to one plane doesn't affect the other
- For more information about control and messaging planes and data protection, see Data Protection in PubSub+ Cloud.
- Audit Logs and System Logs
- PubSub+ Cloud provides access to full logs and system notifications that includes:
audit logs for the PubSub+ Cloud Console regarding security-related access
full logs regarding event broker services (you can access these by setting up SysLog Forwarding)
a subset of logs from event broker services are sent to our central monitoring service, which can be accessed from PubSub+ Insights and contribute to additional notifications and alerts.
- It's important to note that logs and any information collected to monitor the health of the event broker services or and system status do not contain personal identifiable information. For more information, see Using Audit Logs and System Logs.
- Compliance with Industry Standards
- PubSub+ Cloud is compliant with many important industry standards for cloud and SaaS. For more information, see PubSub+ Cloud Security.
- Hardened Development and Operational Processes
- PubSub+ Cloud is designed as a secure platform with security first. We have hardened developer and operational processes to ensure that the PubSub+ Cloud platform remains secure. The areas include:
- Operational procedures to ensure that PubSub+ Cloud production environments are secured and operational/security incidents are tracked and addressed with clear root-cause analysis performed.
- Development and production processes ensure that all changes are continuously tested with increasing scrutiny to greatly reduce security vulnerabilities. Security is the main consideration included in our Agile processes and includes threat-modelling investigations and specific actions to address any potential security considerations raised.
- Solace has many policies and strict internal access controls in place with clear hierarchical access and well-defined chain-of-command.
- Internal audits and testing is regularly perform all stages of our development and production pipelines to scan for vulnerabilities. On-going security activities perform different audits (daily, weekly, quarterly) to ensure a secure and reliable environment that continuously improves to meet ongoing security requirements.
- Disaster-Recovery procedures are in place with 99.95% availability for our Solace Home Cloud and PubSub+ Cloud Console. Many measures are in place to minimize downtime, decrease recovery time, and ensure that critical data is not loss.
- Physical and environmental security leverages best in class cloud-providers to protect against attacks. Selection of vendors are based on required controls (e.g., power/electrical controls, physical-access safeguards, fire detection/supression systems).
- For more information, see Overview of Hardened Developer and Operational Processes at Solace.
- Considerations for Additional Security
- PubSub+ Cloud is secure by default and event broker services are deployed with a secure configuration by default. Security updates are required and there are additional settings you can make to further harden security.
- The default settings in PubSub+ Cloud balance development ease and production requirements (initial integration) with security. There are some additional recommendations in your environment that can further harden deployments in infrastructure that you control when you require additional security. For more information, see Considerations for Additional Security and Best Practices.