Category Archives: IaaS

Informatica and the Shellshock Security Vulnerability

The security of information systems is a complex, shared responsibility between infrastructure, system and application providers. Informatica doesn’t take lightly the responsibility our customers have entrusted to us in this complex risk equation.

As Informatica’s Chief Information Security Officer, I’d like to share three important security updates with our customers:

  1. What you need to know about Informatica products and services relative to the latest industry-wide security concern,
  2. What you need to do to secure Informatica products against the ShellShock vulnerability, and
  3. How to contact Informatica if you have questions about Informatica product security.

1 – What you need to know

On September 24, 2014 a serious new cluster of vulnerabilities to Linux/Unix distributions was announced, classified as (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278) aka “Shellshock” or “Bashdoor”. What makes ShellShock so impactful is that it requires relatively low effort or expertise to exploit and gain privileged access to vulnerable systems.

Informatica’s cloud-hosted products, including Informatica Cloud Services (ICS) and our recently-launched Springbok beta, have already been patched to address this issue. We continue to monitor for relevant updates to both vulnerabilities and available patches.

Because this vulnerability is a function of the underlying Operating System, we encourage administrators of potentially vulnerable systems to assess their risk levels and apply patches and/or other appropriate countermeasures.

Informatica’s Information Security team coordinated an internal response with product developers to assess the vulnerability and make recommendations necessary for our on-premise products. Specific products and actions are listed below.

2 – What you need to do

Informatica products themselves require no patches to address the Shellshock vulnerability, they are not directly impacted. However, Informatica strongly recommends that you apply your OS vendors’ patches as they become available, since some applications allow customers to use shell scripts in their pre-and post-processing scripts. Specific Informatica products and remediations are listed below:

Cloud Service Version Patch / Remediation
Springbok Beta No action necessary. The Springbok infrastructure has been patched by Informatica Cloud Operations.
ActiveVOS/Cloud All No action necessary. The ActiveVOS/Cloud infrastructure has been patched by Informatica Cloud Operations.
Cloud/ICS All Customers should apply OS patches to all of their machines running a Cloud agent. Relevant Cloud/ICS hosted infrastructure has already been patched by Informatica Cloud Operations.

 

Product Version Patch / Remediation
PowerCenter All No direct impact. Customers who use shell scripts within their pre- / post-processing steps should apply OS patches to mitigate this vulnerability.
IDQ All No direct impact. Customers who use shell scripts within their pre- / post-processing steps should apply OS patches to mitigate this vulnerability.
MM, BG, IDE All No direct impact. Customers who use shell scripts within their pre- / post-processing steps should apply OS patches to mitigate this vulnerability.
PC Express All No direct impact. Customers who use shell scripts within their pre- / post-processing steps should apply OS patches to mitigate this vulnerability.
Data Services / Mercury stack All No direct impact. Customers who use shell scripts within their pre- / post-processing steps should apply OS patches to mitigate this vulnerability.
PWX mainframe & CDC All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
UM, VDS All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
IDR, IFC All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
B2B DT, UDT, hparser, Atlantic All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
Data Archive All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
Dynamic data masking All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
IDV All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
SAP Nearline No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed..
TDM No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
MDM All No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
IR / name3 No direct impact.  Recommend customers apply OS patch to all machines with INFA product installed.
B2B DX / DIH All DX & DIH on Red Hat Customers should apply OS patches.  Other OS customers still recommended to apply OS patch.
PIM All PIM core and Procurement are not not directly impacted. Recommend Media Manager customers apply OS patch to all machines with INFA product installed.
ActiveVOS All No direct impact for on-premise ActiveVOS product.  Cloud-realtime has already been patched.
Address Doctor All No direct impact for AD services run on Windows.  Procurement service has already been patched by Informatica Cloud Operations.
StrikeIron All No direct impact.

3 – How to contact Informatica about security

Informatica takes the security of our customers’ data very seriously. Please contact our Informatica’s Knowledge Base (article ID 301574), or our Global Customer Support team if you have any questions or concerns. The Informatica support portal is always available at http://mysupport.informatica.com.

If you are security researcher and have identified a potential vulnerability in an Informatica product or service, please follow our Responsible Disclosure Program.

Thank you,

Bill Burns, VP & Chief Information Security Officer

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud, Data Security, IaaS | Tagged , , , | Leave a comment

Five Ways You Can Extend PowerCenter with Informatica Cloud – Part 2

In Ashwin Viswanath’s previous video blog, he spoke about why it is important to have a cloud integration solution that has purpose-built integration applications. In this video, he delves deeper into the security aspects of cloud integration and how to rapidly provision integration environments for distributed business units, subsidiaries and departments in a quick and efficient manner.

 

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud Computing, IaaS, PaaS, SaaS | Tagged | Leave a comment

Five Ways You Can Extend PowerCenter with Informatica Cloud – Part 1

In Ashwin Viswanath’s previous blog post, SaaS Data Integration for SaaS Applications, he explained how SaaS applications are much more dynamic than on-premises business applications with new fields and objects added with just a few clicks. This same agility is required when it comes to integrating SaaS applications, which is why it is important to have a hybrid IT strategy for your data integration architecture. Informatica PowerCenter together with Informatica Cloud can help you get started with such a strategy.

 

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud Computing, IaaS, PaaS, SaaS | Tagged , | Leave a comment

More Evidence that Cloud Computing is Changing Data Integration

In a recent Sand Hill article, Jeff Kaplan, the managing director of THINKstrategies, reports on the recent and changing state of data integration with the addition of cloud computing.  “One of the ongoing challenges that continues to frustrate businesses of all sizes is data integration, and that issue has only become more complicated with the advent of the cloud. And, in the brave new world of the cloud, data integration must morph into a broader set of data management capabilities to satisfy the escalating needs of today’s business.” (more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud Computing, IaaS, PaaS, SaaS | Leave a comment

Will Salesforce be the Catalyst to Propel MDM into the Cloud?

Salesforce.com – a company that has become synonymous with the cloud – acquired over 100,000 customers and one million users within a span of just 10 years. Compare that to a traditional company like General Electric, the only company to be on the Dow Jones Index for over 100 years – it took them over five-times that many years to acquire the same number of customers. This goes to say that customers have been enamored by the cloud and its benefits – no software maintenance, rapid time-to-value, and subscription pricing – to name a few. No wonder, there are thousands of cloud applications and millions of users out there now. I’ve seen projections that the cloud computing market will grow to $241 billion by 2020. This might be a conservative estimate.

(more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud Computing, Customer Acquisition & Retention, Data Governance, Data Integration Platform, Enterprise Data Management, IaaS, Master Data Management, Uncategorized | Tagged , , , , , , , , , , , , , , , , | 2 Comments

Analytics are Like Cincinnati Chili

Ever been to Cincinnati? They have amazing chili there. Five-way chili it’s called. They stack toppings like cheese, onions, sour cream, etc. to get one, two, up to four way chili. Then chili with all the fixings served on a bed of spaghetti noodles is five-way chili. It is quite an experience and if you go all in for the five-way, it’s quite a meal. I usually take my chili three-way with cheese and onions. And at the risk of drawing the ire of Cincinnatians everywhere, I do not eat my chili on a bed of spaghetti noodles. Too much food, difficult to eat, impractical. So, how is analytics like chili? I’m going to play safe and say that analytics is not really like chili. But you can have it many different ways—at least five ways. So here I’ll outline just three ways – just how I like my chili – that Informatica OEM partners deliver analytics that embed Informatica data integration technology. (more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Cloud Computing, Customer Acquisition & Retention, Customers, Data Integration, Data Integration Platform, IaaS, Partners, SaaS | Tagged , , , , , , , , , | Leave a comment

Building Applications with Muscle–The Informatica OEM Program

Growing up I had an unhealthy obsession with classic American muscle cars. I was primarily a Mopar man, but really anything with enough steel, 300 or more horsepower, and a flashy paint job would do. I spent an altogether ridiculous amount of my youth studying the details of internal combustion engines, transmissions, carburetor cfm charts, gear and compression ratios, fluids’ viscosity and myriad other intricacies to prepare me for weekends under the hood of some monster from Detroit. Every night, you could find me devouring catalogues with page upon page of parts lists with their specifications and prices. One thing that always struck me was how many original parts used in these masterpieces of engineering were designed, developed, and delivered by companies whose badge was not on the hood of the car. OEM parts these were called. Why would these carmakers rely upon relatively unknown third parties to manufacture a huge percentage of the parts used in the cars? (more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in B2B, Business Impact / Benefits, Cloud Computing, Customers, Data Integration, Data Integration Platform, IaaS, PaaS, Partners, SaaS | Tagged , , , , , | 2 Comments

What Will the Software Industry Look Like in 3, 5, Even 10 Years From Now?

Recently Informatica’s Chairman and CEO Sohaib Abbasi was asked to provide commentary on the future of the software industry for SIIA’s annual Vision from the Top. The paper includes input from industry leaders from SIIA members such as Eloqua, GoodData, InsideView, Intuit, Marketo, Opsource, QlikView, Symantec and Xactly. In the the paper, he outlines how “the computer industry will be shaped by the current nexus of megatrends:  Cloud Computing, Social Computing and Mobile Computing.”

Here is Sohaib Abbasi’s answer to the question: “What will the software industry look like in 3, 5, even 10 years from now?” (more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Big Data, Business Impact / Benefits, Business/IT Collaboration, CIO, Cloud Computing, Data Governance, Data Integration, Data Integration Platform, Data Quality, Governance, Risk and Compliance, IaaS, Informatica 9.1, Mergers and Acquisitions, Operational Efficiency, PaaS, SaaS | Tagged , , , , , , , , , , , , , , | 1 Comment

Cloud-Enabled MDM Comes of Age: Cognizant Delivers First SaaS Solution Built on Informatica MDM

The industry’s first cloud-based solution for master data management (MDM) has arrived, signaling the emergence of a new architectural model for MDM that can offer rapid time to deployment without substantial capital expenditures.

Cognizant, a leading provider of IT and consulting services, is rolling out a solution called Cognizant MDM-in-the-Cloud for Life Sciences. Built using Informatica MDM at the core technology, it’s designed to help pharmaceutical and medical device companies to realize a complete, accurate view of monetary gifts and in-kind transfers made to physicians, including gifts, entertainment, consulting fees, meals, research funding, and more.

(more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Business Impact / Benefits, CIO, Cloud Computing, Data Quality, Enterprise Data Management, IaaS, Informatica 9.1, Master Data Management, News & Announcements, PaaS, Partners, SaaS, Vertical | Tagged , , , , , , , , , , , , , , , , | 1 Comment

Cloud Slam ’11: The Importance Of Cloud Integration For Hybrid IT

Cloud Slam ’11 is the first hybrid event that I’ve been a part of – in other words, its both virtual and live. Naturally I’ll be doing a session focusing on the hybrid reality of today’s IT organization and the importance of cloud data integration.

I even have a few free passes if you’re interested in attending this or other sessions. (Sorry, it’s first come first serve.) (more…)

FacebookTwitterLinkedInEmailPrintShare
Posted in Business/IT Collaboration, CIO, Cloud Computing, IaaS, Informatica Events, PaaS, SaaS | Tagged , , , , , , , , , , , | Leave a comment