How is AEP data secured when transmitted to different destinations?
This article addresses concerns about securing AEP data when transmitting to different destinations. The resolution includes offering optional PGP encryption for cloud storage, supporting latest key exchange ciphers for SFTP, and conforming to destination APIs that support https/ tls.
Description description
Environment
- Adobe Experience Platform (AEP)
- Real-time Customer Data Platform
Issues/Symptoms
How is the AEP data being secured when transmitting out to different destinations, such as encryption, authentication, among others.
Resolution resolution
The support for encryption depends on the type of destination.
For cloud storage destinations we offer optional PGP encryption, for SFTP we support the latest key exchange ciphers and we generally disallow older less secure ciphers.
For the rest of the destinations, their APIs are usually over https/tls and as clients, we must confirm whatever they support.
Note - Unencrypted channels are not used.
Exceptions exist for external destinations like Facebook, Pinterest, etc. — where calls go over public internet but are secured by access tokens + SSL.
We also have other batch destinations where we use SFTP or secure cloud storage to exchange data.
These principles apply to Adobe destinations - mainly Adobe Target & Campaign. All calls to these destinations (Target, Campaign) happen in a secure/private way:
-
For Target, all the data goes via Edge destination and is published via a private transport mechanism via networks hosted by Adobe across clouds.
-
For Campaign, the data is securely stored and read using Azure storage (private data landing zones). Data transfer happens after secure authentication, via SSL channels.