Skip to main content

Security design and risk mitigation

Talend's Control Plane and Data Plane solution incorporates a security-specific design to address common risks associated with using any cloud solution.
  • Network communications:
    1. All communications across different parts of Talend's Control Plane and Data Plane go through HTTPS or WSS.
    2. All users are required to access the Data Plane services exclusively through Talend Control Plane, that is to say, Talend Management Console and its API endpoints.
    3. Talend processing services deployed in the Kubernetes clusters are directly or indirectly connected to Talend Cloud through a web socket or ActiveMQ over HTTPS. Talend Cloud services are designed with request isolation in mind; therefore, a request targeting a given Data Plane environment cannot reach other Data Plane environments.
  • Authentication and authorization:

    A Talend Cloud user must authenticate to Talend Management Console and in the meantime, obtain the Engines - Manage permission (ID: TMC_CLUSTER_MANAGEMENT) to manage Data Planes. This user's login activities are recorded in Talend Cloud logs.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!