Data Secure Access
Interoperability and Portability
FusionFabric.cloud is a multi-tenant SaaS solution owned and operated by Finastra. The underlying data that is specific to Finastra’s operations is not considered application data owned by our consumers (tenants).
The FusionFabric.cloud service as a whole is not meant to be installed and operated by a customer. Some sub-components of FusionFabric.cloud may be installed and operated by a customer, but those components need to interact with the FusionFabric.cloud central instance operated by Finastra and are not meant to be used autonomously.
APIs
FusionFabric.cloud does not publish all its APIs. FusionFabric.cloud is a service owned and operated by Finastra and customers are not expected to interact with the full set of APIs.
FusionFabric.cloud is an Open API and Data Platform. As such, the platform exposes the APIs of other Finastra products and services, notably the ones operated within the context of our customers. While these APIs are exposed and documented as part of FusionFabric.cloud, they are not considered components of the FusionFabric.cloud platform, but only artifacts managed by the platform.
The APIs that are part of FusionFabric.cloud and made for public interactions are exposed and documented in the FusionFabric.cloud Open API and Data Platform feature set.
Data Requests
FusionFabric.cloud handles the data of other Finastra products and services, notably the ones operated within the context of our customers. While these datasets are exposed and documented as part of FusionFabric.cloud, they are not considered components of FusionFabric.cloud, but only artifacts managed by the platform.
Exporting such a dataset is a standard feature, and will eventually be a self-service feature, of the FusionFabric.cloud Open API and Data Platform.
Identity and Access Management
FusionCreator Developer Portal
The FusionCreator Developer Portal implements the OAuth 2.0 Authorization Framework.
For more details, see the OAuth2 Client Authorization section.
On FusionFabric.cloud the authorization process is orchestrated by the FusionCreator Authorization Server through one of the following OAuth 2 flows:
User Access Policy (FusionFabric.cloud and Dataset Specific)
Any access within the FusionFabric.cloud platform to a resource or data is implemented following the principle of least privilege, on a need-to-know basis. The data stored on the platform is accessed only by service principals, for building data pipelines, application development, or reporting. Access to individual accounts is allowed for operational continuity and based on the business use-case.
All identities that access any resource or data on the platform are provisioned only through an identity provider integrated with the FusionFabric.cloud Login API. This makes identity management, including access revocation, seamless. All access requests are monitored. Alerts are raised in the case of anomalous access patterns.
User Access Review
User access is authorized and revalidated for entitlement appropriateness at planned intervals.
Timely de-provisioning of user access to data and/or managed applications, infrastructure systems, and network components is implemented as per established policies and procedures.
User ID credentials
All assigned user credentials belong to an organization that financial institutions own in one or more tenants, whereby the identity provider only works with specified tenants at the organizational level. FusionFabric.cloud uses OpenID Connect (OIDC) to delegate authentication and authorization grant flows for tenants of the platform. Currently, SAML 2.0 is not supported.
Account management, including unlocking accounts that have been locked out, depends on the identity provider (IdP) of the financial institutions. FusionFabric.cloud manages accounts on either a tenant-by-tenant or product-by-product basis.
Third Party Access (Fintechs and Data Partners)
Any third-party access of the data stored on the FusionFabric.cloud platform is governed through Finastra’s data product regulatory review process. The process involves third-party risk assessment, legal, regulatory, privacy, and contractual review of data usage rights by the third party. The recommended requirements that come out of the review process are translated into security controls, where applicable, and implemented accordingly.
In addition, our third-party app validation program for every app hosted on the FusionStore ensures that the data accessed by these third-party apps is secured as per the requirements defined in the program. A key control implemented as part of any third-party access of the data is our proprietary consent mechanism.