User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Ataccama Cloud

Ataccama Cloud provides a standardized yet flexible, fully automated, and secure environment for your Ataccama ONE data management platform. With quick ramp-up possibilities and easy user onboarding, it allows you to focus fully on your data and make the most out of Ataccama ONE.

Ataccama Cloud at a glance

With Ataccama Cloud, you benefit from a greatly reduced time-to-value and no operational overhead. The quick setup and self-service approach are designed to allow you to efficiently implement the solution across your organization and access it from any location, without compromising on the security or compliance of your data in the process.

For added flexibility, you can choose whether your data is processed within your network (using so-called hybrid mode) and/or within the Ataccama Cloud.

The Ataccama Cloud offering is available in four tiers, each tailored to fit specific data processing and management needs. Which tier you should opt for depends on factors such as resources required, the size of your team, as well as your data processing needs and the amount of data you work with on a daily basis.

In addition, you can further customize your solution thanks to additional packages and services (such as pushdown processing). This way, you can ensure your solution fits your team and all your data assets are processed in a timely manner.

Early access AI features are available only in Ataccama Cloud.
Custom Ataccama Cloud

Custom Ataccama Cloud refers to a type of cloud deployment that supports certain customizations as well as running ONE MDM in the cloud. To find out which cloud deployment is optimal for you, contact Ataccama.

What is hybrid deployment?

Hybrid deployment is a type of setup where all of Ataccama ONE runs in the cloud except Data Processing Engines (DPEs). DPEs are then deployed and operated by you in your corporate network (in cloud or on-premise). It is supported in all Ataccama Cloud tiers.

As only a fraction of meta and sample data is transmitted to the rest of Ataccama ONE, it is particularly well suited when:

  • Your data must be restricted to a certain location or network due to legal or regulatory requirements.

  • You need to optimize how efficiently the data is accessed and processed due to network limitations such as insufficient bandwidth or latency.

If you are working with a variety of sources, this lets you decide which sources need to reside in a highly restricted environment, while the remaining ones can be installed outside that network.

As DPE is always the one to initiate the communication with Ataccama ONE, there is no traffic coming into your network from the Ataccama Cloud. For details, see hybrid-deployment:hybrid-deployment-guide.adoc.

Ataccama Cloud vs. self-managed: how do they compare?

Self-managed, on-premise deployment can provide a higher level of customization compared to Ataccama Cloud, specifically in terms of data source integrations, connectivity, and data recovery. This can be beneficial in case you need to comply with particularly stringent or intricate security and legal policies, for instance, if your data must stay within your network at all times.

However, this setup also significantly increases the complexity of your IT landscape and requires employing expert IT teams that can independently operate and maintain the solution.

In terms of the product functionality, the features available do not depend on the deployment mode. The one exception to this are early access AI features (not available in self-managed deployments).

Architecture

Ataccama Cloud environments are deployed in Amazon Web Services (AWS) cloud and available in the US East, EU Central, and AP South East regions.

The only component shared between the various environments is the frontend load balancer. All Ataccama Cloud deployments have a dedicated database for each customer environment.

All components of the Ataccama ONE Platform are run, maintained, and upgraded by Ataccama, with the exception of DPEs if hybrid DPE deployment is used.

Your environment is managed through the Cloud Portal, which is the Ataccama Cloud administration and configuration interface. This is also where your operators can make changes to allocated resources, for example, start or stop particular services or entire environments, or add additional data processing engines.

Data sources integration

Ataccama Cloud can securely connect to your data sources in the cloud, on-premise, or hosted on a third-party service. Thanks to this, your solution remains compliant with any related regulations and security demands.

To ensure the resiliency of your data and configurations, regular data backups are implemented along with a number of disaster recovery scenarios. Any connections to Ataccama Cloud are secured using HTTPS/TLS 1.3, which means that communication with Ataccama ONE is always encrypted. Furthermore, we strongly recommend using IP allowlisting to restrict access to your instance of Ataccama ONE to only pre-approved IP ranges.

Identity and access management

Identity and access management for Ataccama Cloud relies on the role-based access control (RBAC) principle. In addition, the solution can integrate with any identity management system that supports the SAML, OAuth 2.0, or OIDC protocol, as well as LDAP integration and more.

Security overview

Managing and testing the security of Ataccama Cloud is an integral part of the application lifecycle, starting from implementing best practices according to the Open Web Application Security Project (OWASP) recommendations, through penetration testing by an independent third-party and disaster recovery testing of each major release, to continuous monitoring of vulnerabilities in used libraries and security patching.

We also transparently provide information about the Ataccama Cloud architecture and security to each customer, including clear communication of all security-related configuration and events.

Ataccama Cloud is certified by ISO 27001 and SOC2 standards and designed to fulfill various international data security standards and definitions. Within Ataccama Cloud, your data is protected at rest using the Advanced Encryption Standard (AES 256) and in transit using the HTTPS mutual Transport Layer Security (mTLS) version 1.3.

To identify and protect Ataccama Cloud components, SSL/TLS certificates are used and renewed once every three months. The bidirectional communication between users and the Ataccama ONE Platform is protected by TLS 1.3.

All storage in the Ataccama Cloud is encrypted using AES-256, with secrets such as passwords and keys being additionally encrypted using an Ataccama owned key uniquely generated for each environment. Sample data is similarly encrypted with an Ataccama-owned key unique to the environment.

Secrets such as passwords and keys do not have to be stored in the Ataccama Cloud; they can be stored in your Azure or HashiCorp key vault or AWS secrets manager which Ataccama ONE natively integrates with.

Logging and monitoring

Ataccama continuously monitors the cloud service functionality and collects all component logs in a centralized, Ataccama-managed monitoring and logging system, which is used internally for incident management and problem solving.

Logs and metrics are always SSL-encrypted in transport and stored in the Ataccama Cloud object storage secured with AES-256 symmetric encryption, with SHA256 file checksums enabled. This helps prevent possible leaks of information and protects against unauthorized log manipulation.

The collected data only contains performance and error data and does not include any of the actual data that Ataccama ONE is processing. By default, logs are kept for 14 days, unless agreed otherwise. Ataccama ONE also maintains an audit log of all user actions inside the platform, which can be accessed from the web interface by authorized users.

Backup and disaster recovery

Ataccama Cloud adheres to the infrastructure as code principles and techniques, meaning that the entire solution, including Ataccama ONE itself, is deployed as code, and application images are stored and maintained in a source code repository. Thanks to this architecture, backing up the whole infrastructure in practice corresponds to backing up the Ataccama Cloud GitLab resources.

The Ataccama ONE platform itself is backed up regularly ensuring that Ataccama can offer a default recovery time objective (RTO) of 48h and a recovery point objective (RPO) of 4h. These times can be as low as 4h for RTO and 15m for RPO should this be required.

Was this page useful?