FlightSpan™ Data Sharing uses the following security measures:
- Authentication: Each FlightSpan instance must authenticate with other FlightSpan instances using unique API keys.
- Push Model: The Shared Data System uses a push model for data sharing, meaning that data is only sent (not requested) to other FlightSpan instances when there is a change to share. This reduces the attack surface by eliminating the need for external FlightSpan instances to have direct access to the internal data of another FlightSpan instance.
- Secret Storage: Send API keys are encrypted at rest and are not stored on the receiving FlightSpan instance. The receiving instance stores only a hash of the secret key, which it uses for authentication.
- Unilateral Control: Each FlightSpan instance has unilateral control over what data is shared and received, and can terminate integrations at any time.
- Policy Enforcement: Each FlightSpan instance can define policies that govern what data is shared and received, ensuring that only authorized data is exchanged.
- Domain Restriction: Integrations are restricted to specific domains to prevent unauthorized connections.
- Mutual Consent: Both FlightSpan instances must agree to the integration before data can be shared. If either FlightSpan instance terminates the integration, both instances must agree before it can be re-established.
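
The sketch below shows how a receiving instance could combine the Secret Storage, Domain Restriction and Mutual Consent measures when a push arrives. It is an added example, not FlightSpan code: SHA-256 as the hash, exact hostname matching, and the names `Integration`, `hash_key` and `accept_push` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit


def hash_key(api_key: str) -> bytes:
    # Assumption: keys are long random strings, so a plain SHA-256 digest is
    # enough; low-entropy secrets would need a slow, salted KDF instead.
    return hashlib.sha256(api_key.encode("utf-8")).digest()


@dataclass
class Integration:
    peer_domain: str            # the one domain this integration is restricted to
    key_hash: bytes             # only the hash is kept; the key itself is never stored
    local_consent: bool = True  # this instance has agreed to the integration
    peer_consent: bool = True   # the other instance has agreed to the integration


def accept_push(integ: Integration, sender_url: str, presented_key: str):
    """Return (accepted, reason) for an incoming push (hypothetical interface)."""
    # Mutual consent: either side terminating makes the integration inactive.
    if not (integ.local_consent and integ.peer_consent):
        return False, "integration not active"
    # Domain restriction: compare the parsed hostname exactly. Substring or
    # suffix checks would accept look-alike hosts and userinfo tricks.
    host = (urlsplit(sender_url).hostname or "").lower()
    if host != integ.peer_domain.lower():
        return False, "domain mismatch"
    # Authentication: hash the presented key and compare in constant time.
    if not hmac.compare_digest(hash_key(presented_key), integ.key_hash):
        return False, "bad key"
    return True, "ok"


if __name__ == "__main__":
    key = secrets.token_urlsafe(32)  # constructed sample key
    integ = Integration("ops.partner.example", hash_key(key))
    print(accept_push(integ, "https://ops.partner.example/push", key))
    print(accept_push(integ, "https://ops.partner.example.evil.example/push", key))
    print(accept_push(integ, "https://ops.partner.example/push", "guess"))
    integ.peer_consent = False       # peer terminated the integration
    print(accept_push(integ, "https://ops.partner.example/push", key))
```

Because only `key_hash` is stored, a dump of the receiver's integration table does not yield a usable send key.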
