Qlik Talend Product: Accelerating your digital transformation with Talend Data Fabric on AWS PrivateLink

Last Update: Aug 27, 2024 1:11:09 AM
Updated By: Xiaodi_Shi
Created date: Mar 16, 2021 12:15:25 PM

By Jean-Claude Kuo, Principal Product Manager Cloud Security at Talend

Talend’s mission statement is to make all data useful for any organization, by providing clean, complete, uncompromising data for everyone. 

It’s no surprise that companies' most valuable data is also the most sensitive and the most regulated, e.g. electronic health records, financial data, or Personally Identifiable Information (PII). Too often, cybersecurity risk considerations keep these companies from unlocking the full value of their data by adopting modern SaaS-based solutions.

This post outlines how organizations can now benefit from Talend Data Fabric on AWS PrivateLink to:
  • accelerate their digital transformation
  • meet strict security and regulatory policies by ensuring that the data never goes to the public internet
  • provide a strong security posture
By taking the security work out of working with data, organizations don’t have to compromise between data protection and delivering trusted business outcomes faster.
 
Time to read: 4 minutes
Services used:
https://aws.amazon.com/privatelink/
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

 

The no-internet architecture dilemma

Talend Data Fabric strives to offer flexibility with a varied deployment model: SaaS, Hybrid, or even On-Premises. AWS PrivateLink provides private connectivity between Amazon Simple Storage Service (S3) and on-premises resources using private IPs from your virtual network. By supporting AWS PrivateLink, Talend now offers a path for organizations willing to adopt or expand their use cases with Talend in a Hybrid or SaaS model, while meeting strict security and regulatory compliance by keeping their data secure and safe in their trusted perimeter.

The diagram below shows a typical hybrid architecture from the perspective of a trusted corporate perimeter. The boundary is drawn, simplistically, where endpoints are not exposed to the public internet, which is deemed at risk, and it is protected by security controls such as firewalls.

Thanks to the adoption of technologies such as VPN or AWS Direct Connect, the concept of a trusted perimeter has expanded over the past years from on-premises sites to include the AWS perimeter as well. Yet many challenges still exist when it comes to using external SaaS applications that require deep integration into the organization’s information system. Internet-facing applications are treated as an exception in such security models, leading to additional complexity, cost, and stretched time to value. That’s the no-internet architecture dilemma.

Figure 1: No internet hybrid architecture

 

How Talend makes a difference

Because of the unique Talend Remote Engine architecture, the runtime can be deployed in the customer’s preferred location, whether on-premises or in the customer’s VPC, closest to where the data resides.

With the support of AWS PrivateLink, it’s no longer necessary to open public internet-facing outbound ports and connections to pair a Remote Engine with Talend Cloud instances.

Figure 2: Talend Data Fabric with AWS PrivateLink

In the example above, a Remote Engine can ingest data from AWS S3 or from an on-premises database, then apply transformations and Data Quality rules before storing the cleansed, trusted data back in a cloud data warehouse destination such as Snowflake.

In this journey, data and metadata flows transit exclusively through the secure and private AWS network, from your source location to your destination storage, preventing data and service endpoints from being exposed to the public internet.
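On the S3 side, private-only transit is usually enforced rather than assumed: a bucket policy denies any request that does not arrive through the expected VPC endpoint, using the AWS `aws:SourceVpce` condition key. The check below is an added example, not Talend or AWS code; it lints a bucket policy for that guard, and the bucket ARN, endpoint IDs, Sids and function names are constructed placeholders.

```python
# Added example: bucket name and endpoint IDs are constructed placeholders.
ALLOWED_VPCE = "vpce-EXAMPLE0000000000"
BUCKET = "arn:aws:s3:::example-talend-landing"

def _deny(actions, vpces):
    return {"Sid": "DenyOutsideEndpoint", "Effect": "Deny", "Principal": "*",
            "Action": actions, "Resource": [BUCKET, BUCKET + "/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpces}}}

LOCKED = {"Version": "2012-10-17", "Statement": [_deny("s3:*", ALLOWED_VPCE)]}
PARTIAL = {"Version": "2012-10-17", "Statement": [
    _deny(["s3:PutObject"], [ALLOWED_VPCE, "vpce-EXAMPLE1111111111"])]}
OPEN = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def vpce_findings(policy, allowed_vpces):
    """Return problems with the endpoint-only Deny guard. Only the principal,
    action and endpoint list are checked; Resource scope is not."""
    guards = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        # IAM condition keys are case-insensitive, so compare lowercased.
        vpces = [v for key, vals in cond.items()
                 if key.lower() == "aws:sourcevpce" for v in _as_list(vals)]
        if vpces:
            guards.append((stmt, vpces))
    if not guards:
        return ["no Deny statement conditioned on aws:SourceVpce"]
    findings = []
    for stmt, vpces in guards:
        sid = stmt.get("Sid", "<no Sid>")
        extra = sorted(set(vpces) - set(allowed_vpces))
        if extra:
            findings.append(f"{sid}: unexpected endpoint(s) {extra}")
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: Deny does not apply to all principals")
        if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
            findings.append(f"{sid}: Deny covers only some S3 actions")
    return findings

if __name__ == "__main__":
    for name, pol in (("LOCKED", LOCKED), ("PARTIAL", PARTIAL), ("OPEN", OPEN)):
        print(name, vpce_findings(pol, [ALLOWED_VPCE]) or "ok")
```

A policy exported from a real bucket can be passed to `vpce_findings` together with the endpoint IDs your network team has approved.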

 

Accelerating time-to-value

As AWS PrivateLink operates at the network layer, there is no material change to the Talend Remote Engine modus operandi. Talend Data Fabric over AWS PrivateLink runs transparently for end users.

Deploying AWS PrivateLink is an order of magnitude faster than a VPC peering or site-to-site VPN approach (no network range overlaps), reducing dependencies on infrastructure teams.

Finally, get faster clearance from security and compliance teams with the unique combination of private network isolation and Talend’s IP access control, which ensures that no one can access your tenant from outside your private network. For more information, see Setting up IP allowlist policy to restrict user access in the Talend Help Center.

 

Conclusion

In this post, we have highlighted how a purpose-built security layer such as Talend Data Fabric over AWS PrivateLink helps businesses accelerate their transformation journey while maintaining a high security posture.

 

Resources

Talend Help Center: Activate AWS PrivateLink with Talend
AWS Marketplace: Deploy a Talend Cloud Remote Engine from the AWS Marketplace
AWS news blog: AWS PrivateLink for Amazon S3 is Now Generally available

Please contact your Talend business partner for additional information.
 

Environment

Talend Studio
