Understanding Cloud Licensing Security Setup
If your account manager or consultant has recommended upgrading your Aperture Data Studio deployment to a cloud license, it’s because Aperture Data Studio v3.0 will only be available through cloud licensing. Cloud licensing brings many benefits (for more details, please refer to this write-up), but might require some configuration changes, either opening a specific server port and/or whitelisting Experian's licensing server URL in your firewall’s outbound traffic rules. Understandably, some users have raised security concerns about allowing internet connectivity for licensing purposes. This post aims to clarify why cloud licensing does not introduce security risks.
1. No unsolicited external connections
The key difference between outbound and inbound traffic is control. For licensing checks, your server initiates outbound communication with Experian's licensing servers, ensuring controlled and secure interactions. Whitelisting Experian's licensing server URL or opening a specific outbound port allows only authorized requests, preventing unsolicited access, as no unsolicited external connections can be made to your infrastructure.
2. Experian Licensing Server is Securely Configured
Security is a top priority in our cloud licensing framework. Experian licensing server uses strong encryption (TLS/SSL) and digital certificates to protect data. It is also monitored for unauthorized access, ensuring continuous protection.
3. Limited Exposure Through Controlled Outbound Access
Allowing outbound traffic to our trusted licensing server does not expose your system. Firewalls should follow the “least privilege” principle, permitting only necessary connections. This approach minimizes your attack surface while ensuring that licensing functions operate smoothly.
4. No Inbound Ports Are Required
Unlike other cloud services, our licensing system does not require open inbound ports, keeping your network protected from external threats.
Best Practices for Secure Licensing Configuration
To further enhance security while enabling cloud licensing, consider these best practices:
- Restrict outbound connections to only essential services.
- Monitor network traffic for unusual or unauthorized activity.
- Use firewall rules to limit outbound traffic to specific IP addresses and ports.
- Regularly audit and update firewall settings to maintain optimal security.
Conclusion
Allowing outbound communication for cloud licensing is a low-risk, necessary step to ensure proper licensing functionality for Aperture Data Studio v3.0. With robust security measures in place, your infrastructure remains protected while benefiting from the latest software advancements. Many leading organizations (some of the biggest financial institutions, banks, insurers and retailers) trust Aperture Data Studio’s cloud licensing, and have been using it since 2023 without issue.
If Cloud Licensing is still a concern, please speak to your Experian contact about the pros and cons of an alternative non-standard approach.
For any questions or assistance with cloud licensing or firewall configurations, please ask on the community forum or reach out to our support team.