Integration Protection

Bloomreach Engagement offers the following protections for integrations in our core security:

  • Static IPs
  • TLS/HTTPs API
  • SSH

Static IPs

Included on all types of instances

In order to set up a firewall for a specific IP address of a Bloomreach Engagement server, it is necessary to enable Static IPs for the particular import or webhook.

TLS/HTTPs API

Included on all types of instances

The Bloomreach Engagement app utilizes TLS, in communication within the app and web tracking. TLS is a security protocol designed to facilitate privacy and data security for communications over the Internet.

HTTPS uses SSL/TLS to encrypt normal HTTP requests and responses, making data movement safer and more secure. Data is encrypted in transit in both directions: going to and coming from the origin server and a website that uses HTTPS has https:// at the beginning of its URL instead of http://.

It is beneficial to use HTTPS as it is more trustworthy for users as guarantees that a website server name is authentic. As a result:

  • Attackers cannot steal or phish data.
  • The user’s usernames and passwords can't be stolen in transit when users enter them into a form.

Certificates

Included on all types of instances

We also use an SSL certificate which verifies that a client is talking to the correct server that actually owns the domain, for tracking and logging into the Bloomreach Engagement app. An SSL certificate is a data file hosted on a website's origin server, containing the website's public key and identity.

This feature is beneficial for your security as devices attempting to communicate with the origin server can verify the server’s identity. In single tenant instances, SSL is also available with your own SAN certificate.

Bloomreach Engagement finally uses the certification authority Let’s Encrypt, to issue certificates as a default option. We also provide an option to use a custom certificate authority.

SSH

Included on all types of instances

SSH tunnel provides protection for the data you transmit via the Internet and import into the Bloomreach Engagement application. It is much more secure to expose the SSH tunnel as the only gateway to your network than leaving your databases and ports open to the internet.

VPN

Single Tenant/Exclusive Instance required

For clients who have stricter security requirements, we'll also offer integration protection through our VPN.

Our Site-to-site VPN protects the logins to the Bloomreach Engagement Application, preventing unauthorized access to single tenant instances.

IPsec or Internet protocol security is a protocol suite that encrypts the entire IP traffic before the packets are transferred from the source to the destination. It is capable and responsible for authenticating the identities of the two nodes before the actual communication takes place between them.