Customer data security article

Customer Data Security in ARGOS Low-Code AI/ML Integration Platform

 

Abstract 

Data security is a vital part of today's digital world. Enterprises require robust systems and procedures to ensure the protection of their customers’ information. This whitepaper explores the different data security-related features of ARGOS Low-Code AI/ML Integration Platform. It will describe its various aspects such as on-premise deployment, data and credential security, role-based access control, file encryptions, audit logs, and other security enhancements, outlining how ARGOS addresses the growing demand for secure and efficient data handling in enterprise applications.   

 Introduction 

The digital revolution has drastically changed the way businesses operate, shifting from traditional methods to digitized processes. While this transformation offers unparalleled opportunities for growth and efficiency, it also presents new challenges in terms of data security and privacy. The ARGOS Low-Code AI/ML Integration Platform presents an effective solution that encapsulates robust data security features in an easy-to-use package.  

 Full On-Premise Deployment Option 

Understanding the varying requirements of different enterprises, ARGOS offers its customers the option for full on-premise deployment. Though the platform is predominantly deployed as a cloud solution, organizations requiring ARGOS components and automated transactions to be confined within their network can opt for the on-premise package. This approach provides businesses with complete control over their data and processes, strengthening the security architecture.

 Customer Data Security

In terms of cloud solutions, the ARGOS Low-code platform ensures none of the three components, the Scenario Studio (STU), Process Automation Module (PAM), and Supervisor save or store customer data as files. The architecture of the ARGOS Low-code platform is distinctively designed to separate the process plane and the data plane. This strategic architecture facilitates total control for users over their data's storage and processing location. The process plane is primarily responsible for orchestrating the control flow, i.e., how data is processed, while the data plane manages the actual data traffic, i.e., where and how data is stored. This explicit separation between data and process management within ARGOS ensures that the platform caters to organizations' stringent data security and sovereignty requirements. As a result, users can independently control and modify their data environments, supporting an efficient, secure, and flexible data management framework.
If an automation process requires a job-queue that holds customer data, an independent queuing solution can be implemented within the customer's network. This feature is built to add an extra layer of security and to ensure data sovereignty for ARGOS users.

 Secure Customer Credentials

ARGOS offers a secure vault solution for storing customer credentials. Regardless of whether the customer credentials are hardcoded into the Automation Scenario or not, all credential data is encrypted. This encryption ensures that no customer credentials appear in the system or execution logs, thereby protecting sensitive data from unauthorized access.

 Role-Based Access Control (RBAC)

As a multi-tenant platform, ARGOS implements most of its multi-tenancy management features with Supervisor. To maintain access control and prevent unauthorized access, ARGOS has four user authority levels with Role-Based Access Control (RBAC): Master, Developer, Operator, and Viewer. The Supervisor login password is encrypted using SHA-256, a strong cryptographic hash function that ensures secure access control. Learn more about ARGOS Low-code’s RBAC from this link Enterprise Supervisor Sub Accounts and RBAC

 File Encryptions

The platform employs AES-256 encryption to secure the Automation Scenario files. This encryption guarantees that only the STU account that generated the Automation Scenario file can open it for modification after encryption and saving for deployment.

 Bot Expiration Control

ARGOS ensures that no Automation Scenarios can be deployed unless the Automation Scenario files are saved at Supervisor. This functionality can provide users with additional control over the running time of automation scenarios. They can set a start and end date to determine the life of the Automation Scenario. Access to on-demand deployment from the Supervisor is restricted to authorized accounts only. Automation Scenarios and PAMs can be paused, locked, or deleted to prevent unwanted executions.

 Audits and Logs

The ARGOS platform generates Automation Scenario logs via PAM. These logs can be stored in a designated secure storage location configured at PAM’s settings. PAM configuration and registration are password-protected, and monitoring/alarms settings for any modifications by Supervisor are supported.

 Other Security-Related Enhancements

ARGOS has implemented several other security measures. It uses HTTPS for STU/PAM/Supervisor communications, requiring authentication and authorization by a secured ID for server connections. Regular patches are applied to enhance web security and regular security checks are performed for risks such as SQL Injection, AAA (Authentication, Authorization, Audit), and API encryption. 
ARGOS has enhanced its sensitive data handling policies and access controls. Information that can infer server configuration is hidden to prevent exposure to the outside. Other security features include addressing cross-site scripting and reinforcing the Cross-Origin Resource Sharing (CORS) usage policy.

 Conclusion

The ARGOS Low-code AI/ML Integration Platform brings a comprehensive suite of data security features, ensuring the utmost protection for enterprise data. By offering options such as on-premise deployment, robust access controls, and various encryption measures, ARGOS proves to be a reliable choice for enterprises that value data security. The consistent updates and enhancements further emphasize ARGOS's commitment to staying ahead of potential security risks. In an age where data breaches are a significant concern for any business, ARGOS provides a reliable, secure platform for enterprise operations.

 

Other Security Related Enhancements

 

  • ARGOS Low code uses HTTPS to communicate STU/PAM/Supervisor.

  • All communication between servers also needs authentication and authorization by secured ID before connections

  • ARGOS LABS regularly applies patches to enhance web security.

  • Regular security checks are performed to determine whether there are any security risks for SQL Injection, AAA(Authentication, Authorization, Audit), and API encryption.

  • Increased password complexity (backend)

  • Sensitive data handling policies have been enhanced

  • Access control has been enhanced for Security (Supervisor menu, API, and Data)

  • Information that can infer the server configuration is hidden so that it is not exposed to the outside.

  • Cross site scripting has been addressed

  • Reinforcing CORS (Cross-Origin Resource Sharing) usage policy