Customer environment security

This document outlines customer environment security best practices and minimum security baselines for deploying and operating Self-Deployed Runtime in your environment.

Security assessment process

Before deployment, customers must complete a security assessment that includes:

  • Network architecture review: Validate network security controls and configurations
  • Credential management validation: Verify secret management practices and policies

This assessment ensures your environment meets the minimum security baselines required for secure deployment.

Infrastructure security

Your infrastructure must meet these minimum security baselines:

  • Container runtime security: Kubernetes 1.24+ or Docker 20.10+ with security features enabled
  • Network segmentation: Self-Deployed Runtime isolated from production systems
  • Endpoint protection: Anti-malware and endpoint detection solutions deployed
  • Vulnerability management: Regular patching and vulnerability scanning implemented

Network security controls

Self-Deployed Runtime uses outbound-only communication and never accepts inbound connections. Your network must implement these controls:

  • Outbound-only communication: Self-Deployed Runtime never accepts inbound connections
  • TLS 1.2 minimum: All external communication uses TLS 1.2 or higher
  • Firewall requirements: Customer firewall rules configured for Self-Deployed Runtime communication, as listed under Required network configuration

Required network configuration

firewall_rules:
  outbound_allowed:
    - destination: "*.atlan.com"
      port: 443
      protocol: HTTPS
    - destination: "*.atlan.com"
      port: 443
      protocol: gRPC/TLS

  inbound_blocked:
    - all_traffic: DENY # No inbound connections to agent

For detailed configuration steps, see Configure network security.
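
One way to check an exported firewall rule set against the baseline above, as an added example that is not Atlan's own tooling. The rule schema (direction, action, destination, port) and the sample rules are assumptions constructed for illustration; the check covers only the destinations listed on this page.

```python
# Added example: audit firewall rules against the baseline on this page.
# The rule schema (direction/action/destination/port) is hypothetical.

ALLOWED_SUFFIX = ".atlan.com"   # from the "*.atlan.com" entries above
ALLOWED_PORT = 443


def host_matches_wildcard(host: str) -> bool:
    """True only for a genuine subdomain of atlan.com (what "*.atlan.com" covers)."""
    host = host.strip().lower().rstrip(".")       # normalise case and trailing dot
    if host.startswith("*."):                     # the wildcard rule entry itself
        host = "x" + host[1:]
    if any(not label or "*" in label for label in host.split(".")):
        return False                              # empty label or stray wildcard
    # Suffix must include the leading dot, so "evilatlan.com" and the bare
    # apex "atlan.com" do not pass as subdomains.
    return host.endswith(ALLOWED_SUFFIX) and len(host) > len(ALLOWED_SUFFIX)


def audit(rules):
    """Return (rule_index, finding) pairs for allow rules that break the baseline."""
    findings = []
    for i, rule in enumerate(rules):
        if str(rule.get("action", "")).lower() != "allow":
            continue                              # deny rules cannot widen exposure
        direction = str(rule.get("direction", "")).lower()
        if direction == "inbound":
            findings.append((i, "inbound allow: runtime must accept no inbound connections"))
        elif direction == "outbound":
            if not host_matches_wildcard(str(rule.get("destination", ""))):
                findings.append((i, "outbound destination outside *.atlan.com"))
            if rule.get("port") != ALLOWED_PORT:
                findings.append((i, "outbound port is not 443"))
        else:
            findings.append((i, "unknown direction"))
    return findings


SAMPLE_RULES = [  # constructed sample input, not taken from a real deployment
    {"direction": "outbound", "action": "allow", "destination": "*.atlan.com", "port": 443},
    {"direction": "outbound", "action": "allow", "destination": "atlan.com.example.net", "port": 443},
    {"direction": "outbound", "action": "allow", "destination": "tenant.atlan.com", "port": 8443},
    {"direction": "inbound", "action": "allow", "destination": "runtime-host", "port": 22},
    {"direction": "inbound", "action": "deny", "destination": "any", "port": None},
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```

If your deployment needs other egress destinations, extend the allow-list explicitly rather than loosening the suffix match.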

Identity and access management

Apply the principle of least privilege with these requirements:

  • Principle of least privilege: Self-Deployed Runtime credentials limited to required data sources only
  • Regular credential rotation: Scheduled rotation of Self-Deployed Runtime access credentials
  • Audit logging: Complete audit trail for Self-Deployed Runtime-related activities

Ongoing security requirements

Maintain security with these ongoing requirements:

  • Vulnerability management: Prompt application of security patches
  • Incident response coordination: Participation in security incident response

Need help

If you need help, contact [email protected] for assistance.