StarfishETL security features

StarfishETL security features

StarfishETL security features



Compliance and data privacy

·       No data kept at rest on Starfish ETL iPaaS servers

·       Data in motion is encrypted using HTTPS

Infrastructure protection

·       StarfishETL iPaaS servers hosted on AWS 

·       Servers are hosted on the Eastern US locations.

·       AWS data centers and a network architected to protect information, identities, applications, and devices. 

·       Access to the servers by the StarfishETL Cloud Operations team governed by documented procedures to keep system access secure.


Threat detection

·       AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.

·       Cloud Operations team monitors activity per documented procedures and will inform 

GDPR compliance

StarfishETL team provides easy-to-access information during the opt-in process so an individual may request any personal information that StarfishETL processes about them including:

·       The personal data held about them

·       The purposes of the processing

·       The categories of personal data concerned

·       The recipients to whom the personal data has/will be disclosed

·       How long StarfishETL intends to store the personal data

·       If StarfishETL did not collect the data directly from them, information about the source

·       The right to have incomplete or inaccurate data about them corrected or completed, and the process for requesting this

·       The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from StarfishETL, and be informed about any automated decision-making that is used

·       The right to lodge a complaint or seek judicial remedy, and who to contact in such instances

Password encryption 


·       Uses AES 256-bit encryption

·       Endpoint credentials

·       Designer login credentials

·       Both Cloud and on-premises deployed environments encrypt login credentials.

·       On-premises Designer (Admin) does not require login credentials. Password encryption is therefore not required.

Password recovery

·       StarfishETL iPaaS supports password recovery. Password recovery is initiated through a link on the login page. Reset links are sent to the email associated with the user requesting the password reset.

·       On-premises Designer (Admin) does not require login credentials. Password encryption is therefore not required.




Encrypted SQL DB

·       StarfishETL leverages SQL for storage of project metadata, transaction history, foreign key cross-references, project configuration data and end point metadata.

·       StarfishETL iPaaS local storage is encrypted using SQL Server’s encryption tools.

·       On-premises systems can opt in to encrypt SQL DB by setting up SQL server to encrypt the local database.

Configurable single outbound connection to Starfish iPaaS services

·       Utilize the Starfish Ray as the configurable single outbound connection agent that will connect to the StarfishETL iPaaS services.

·       Securely exposes protected internal systems to allow integrations with Cloud systems

·       Light footprint agent is installed within the client’s network which enables bi-directional SSL encrypted communication

·       Once Agent is installed, connections and mappings are administered using the Cloud Designer

·       Single outbound connection to our secured servers


Data over the wire encrypted using HTTPS

·       StarfishETL connections over the internet use HTTPS to encrypt data over the wire.

Whitelist StarfishETL iPaaS

·       Whitelisting a server’s IP that needs access to a server inside a firewall is a common technique used by our customers to increase security.

·       Whitelisting the StarfishETL iPaaS server’s IP address associates the server as a secured location. 

·       Whitelisting often meets high security requirements for physical servers outside of company’s secure environment.




    • Related Articles

    • SugarCRM REST Connector

        SugarCRM REST Origin Use JSONLint to validate JSON: Sample Origin Filters See the GET /<module> filterList in the SugarCRM REST Help: https://SERVER/rest/v10/help/ Note the [{...}] surrounding the filter. This is required. ...
    • Starfish ETL iPaaS Logging Features and Settings

      Starfish ETL iPaaS Logging Features and SettingsStarfish ETL iPaaS has a number of options for logging and monitoring integration activity. Logging is required at various stages of the integration mapping process, during the testing phase prior to ...
    • Starfish Designer 2-factor Authentication (2FA)

      The latest update for Starfish Designer has 2-factor authentication (2FA) enabled.  Update applied to StarfishETL Cloud servers March 26, 2020.   This feature is part of the Starfish product strategy to continually improve your experience and secure ...
    • Pull data from a source and write to file

      With this map, I wanted to pull all accounts from a Sugar instance and dump a few fields into a pipe delineated file. In this map I used the same Sugar instance as both the Origin and Destination. There were no Stages created, so no action was taken ...
    • Act! Connector

      ACT! Premium Cloud: StarfishETL supports two-way integration. ACT! On-Prem: Starfish does not have a native Act! connector for versions less than Act v18 so we read directly from the database. Configuration Options Connect Act Premium (v18+) using ...