Agent Security Overview

Panaya Agents are lightweight, secure software components installed in your local environment or the cloud to execute automated testing activities. This overview explains how these Agents securely interact with Panaya’s cloud platform and outlines the safeguards that protect your data and system integrity.

Panaya adheres to industry-leading practices and is SOC 2 certified. Our platform is built to ensure that your data stays secure, your systems remain isolated, and that no unauthorized access can occur, even in a shared cloud environment.

Secure Connection Design

Unlike systems that require open inbound access, Panaya uses a pull-based model for maximum security and compatibility:

  • The Agent initiates all communication with Panaya. The Panaya platform never initiates contact with your systems.

  • Every minute, the Agent securely checks in with the Panaya cloud to see if there are scheduled test tasks to run.

  • If there is a task, it is downloaded and executed within your environment, with no need to expose your internal systems to external access.

The Agent must be able to access the internet. If necessary, specific domains can be whitelisted in the firewall or proxy settings.

Validating Trusted Requests

Panaya uses a multi-step process to make sure that only authorized instructions are accepted by the Agent:

  1. Encrypted Communication: All data is sent over HTTPS (TLS), ensuring security in transit.

  2. Authentication: Each Agent is configured with a unique username and access token that must match Panaya’s records.

  3. System Identification: An additional system ID must be provided by the Agent to confirm its identity and ensure it interacts only with the defined projects within this system.

  4. Digital Signature: The Agent software package is digitally signed by Panaya. This ensures the authenticity and integrity of the package, preventing tampering or the installation of unauthorized code.

These safeguards ensure that no unauthorized user or service can issue commands to your Agent.

Agent Monitoring

To verify that Agents are running properly and securely:

  • Each Agent sends a “heartbeat” message to Panaya once per minute.

  • This confirms the Agent is online and ready to receive tasks.

  • If the Agent stops sending heartbeat messages, its last communication timestamp is used to indicate that it is no longer active, allowing administrators to detect and respond to the issue promptly.
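
One way to implement the staleness check described above, as an added example that is not Panaya's code: it classifies each Agent from its last communication timestamp against the one-minute heartbeat interval. The threshold of three missed heartbeats, the 30-second clock-skew tolerance, and all Agent names and timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

HEARTBEAT_INTERVAL = timedelta(seconds=60)  # from the page: one heartbeat per minute
INACTIVE_AFTER_MISSED = 3                   # assumption: beats missed before alerting
MAX_CLOCK_SKEW = timedelta(seconds=30)      # assumption: tolerated future drift

# Constructed sample data: agent id -> last communication timestamp (ISO 8601, UTC).
SAMPLE_LAST_SEEN = {
    "agent-a": "2024-05-01T12:09:40+00:00",
    "agent-b": "2024-05-01T12:08:30+00:00",
    "agent-c": "2024-05-01T11:40:00+00:00",
    "agent-d": None,                          # registered, never checked in
    "agent-e": "2024-05-01T12:15:00+00:00",  # timestamp ahead of the monitor's clock
}
SAMPLE_NOW = datetime(2024, 5, 1, 12, 10, 0, tzinfo=timezone.utc)


def classify(last_seen, now):
    """Return (status, missed_heartbeats) for one agent."""
    if last_seen is None:
        return ("never-seen", None)
    seen = datetime.fromisoformat(last_seen)
    if seen.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset: %r" % last_seen)
    age = now - seen
    if age < -MAX_CLOCK_SKEW:
        # Far-future timestamps point to a wrong clock or a tampered record.
        return ("clock-skew", None)
    missed = max(0, age // HEARTBEAT_INTERVAL)  # whole intervals since last beat
    if missed == 0:
        return ("active", 0)
    if missed < INACTIVE_AFTER_MISSED:
        return ("late", missed)
    return ("inactive", missed)


def needs_attention(last_seen_by_agent, now):
    """Map agent id -> (status, missed) for every agent that is not active."""
    results = {a: classify(ts, now) for a, ts in last_seen_by_agent.items()}
    return {a: r for a, r in results.items() if r[0] != "active"}


if __name__ == "__main__":
    report = needs_attention(SAMPLE_LAST_SEEN, SAMPLE_NOW)
    for agent, (status, missed) in sorted(report.items()):
        print(agent, status, missed)
```

Separating "late" from "inactive" keeps a single delayed check-in from paging anyone, while "never-seen" and "clock-skew" surface Agents that a plain age comparison would misreport.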

Keeping Your Data Safe

Panaya has years of experience operating a multi-tenant cloud platform with strong data separation. We take the following measures to ensure your data remains private:

  1. Tenant Isolation: Your data is stored and processed in a logically separated environment, ensuring it cannot be accessed by other customers.

  2. Access Controls: We use advanced permission models and session control to limit who can access your data, whether through the user interface or APIs.

  3. Short Session Expiry: API sessions automatically expire after a short duration, reducing the risk of unauthorized access.

Summary

Panaya’s Agent-based test execution is designed with security at the core. Through outbound-only communication, multiple layers of authentication, continuous monitoring, and proven multi-tenant isolation, we provide you with a robust, enterprise-grade security foundation.

For more information, please refer to our Information Security Policy.