Optimizely has implemented a variety of integration capabilities within Optimizely Configured Commerce that allows it customers to transfer data between their internal systems and Configured Commerce. The implementation of this data transfer involves the use of services that send data over a Hypertext Transfer Protocol (HTTP) session encrypted with Transport Layer Security (TLS), aka HTTPS. This is the only currently supported configuration which has been proven reliable, scalable, and secure.
Other technologies such as a site to site Virtual Private Network (VPN) are not currently supported. Optimizely believes a VPN to be cryptographically redundant and introduces a level of unnecessary complexity that directly impacts the reliability and scalability of Configured Commerce. This paper is intended to describe Optimizely's reasoning on why VPN technologies are not currently supported.
HTTP over TLS (HTTPS)
Many modern applications use HTTPS to provide confidently and integrity controls when one endpoint is sending sensitive data to an application over untrusted networks. All major operating systems and browsers support HTTPS with little to no configuration required. Authentication is usually achieved via a set of credentials and/or certificates.
Below is a diagram showing how HTTPS is used when transferring data with Configured Commerce via an integration server.
A VPN is a network-based tunneling protocol and is typically used to connect disparate networks together in order to allow many endpoints in one network to connect to many endpoints in another network. A VPN by default has no encryption capabilities but can be configured to use a variety of cryptographic protocols such as TLS, IPSec, and so on. The configuration of a VPN can be complex, and compatibility is dependent on the specific VPN technology that is deployed at both networks. Authentication is dependent on the tunneling protocol that is implemented but is usually in the form of a pre-shared key or a set of credentials.
Below is a diagram showing how a VPN would be redundant and increase complexity when transferring data with Configured Commerce via an integration server.
This configuration is not currently supported by Configured Commerce.
Optimizely has and will continue to evaluate all modern transport and encryption technologies. Currently, Optimizely has determined that HTTPS is the only supported method to provide the integration between its customer's systems and its own internal systems. The reasoning for this is outlined below:
- HTTPS provides the same level of confidentiality and integrity protections that a VPN does.
- A HTTPS session over a VPN would be highly cryptographically redundant especially if the VPN also uses TLS for encryption.
- Using HTTPS in conjunction with network based IP whitelisting will dramatically reduce the public exposure to a customer's network and match any security gains that would have been realized through the use of a VPN.
- A VPN would add a significant level of complexity and configuration to manage.
- Only a single endpoint is required to exchange data which dramatically limits the need for a VPN.
- The use of a misconfigured VPN could unintentionally expose other applications and services that are beyond what is required.
Configured Commerce also allows for real-time data functionality which requires that a customer's Enterprise Resource Planning (ERP) system be accessible to Configured Commerce via an Application Programming Interfacing (API). To limit the exposure to the customer's ERP system, an API proxy is typically deployed which Configured Commerce directly connects to via HTTPS requests. This API proxy then passes on the requests directly to the customer's ERP system. This configuration allows the customer to implement additional controls between the API proxy and the ERP system that may be required by their internal policies.
If an API proxy can not be deployed and Configured Commerce directly connects to a customer's ERP system, Optimizely highly recommends that customers implement the following controls:
- Network based IP allow-listing to reduce the public exposure of the customer's ERP system.
- Configure dedicated user accounts that are only authorized to read the data elements that Configured Commerce needs access to.
- Network and application level logging to audit all requests from Configured Commerce to the ERP system.
- Network based controls to detect and block malicious network traffic, such as IPS/IDS.
Currently, HTTPS is the only supported method to provide real-time data functionality because of the same reasoning that is outline above. Optimizely believes that with the implemention of the recommended controls, Configured Commerce can access real-time data without compromising the confidentialiy or integrity of a customer's ERP system.
As with many technologies, VPNs have evolved over the years and are now primarily used to create a persistent connection between two different networks that contain numerous endpoints that are required to communicate with each other. Since Configured Commerce only requires a single connection to a single endpoint located on the customer's network, a VPN would provide more functionality then is required and would introduce unnecessary complexity. HTTPS has been recognized as an industry best practice for many years because of the simplicity, scalability, high level of compatibility, and proven encryption technology. As technology evolves Optimizely will continue to enhance Configured Commerce to ensure that its customer's data is effectively protected from improper disclosure and modification.