Integration / Native
NativeCloudIntegration Pattern

Int-Native-Cloud

Problem

Two distinct cloud-native applications, or a cloud-native application and a SaaS platform, need to synchronously or asynchronously exchange data or services using their respective built-in integration capabilities.

Solution

Leverage a vendor-provided or platform-native integration component (e.g., application connectors, event streams, or direct API links) to establish a secure, managed data exchange channel between the source and target applications. This approach utilizes pre-built, certified integrations, often eliminating the need for custom middleware.

Cloud Paradigm

  • Native Application Integration
  • Managed Service Connectivity
  • SaaS-to-SaaS Integration
  • Vendor-Certified Connectors
  • API-First Design (where APIs are the native mechanism)
  • Event-Driven Architecture (for asynchronous patterns)

Implementation Guidelines

Solution Flow

Data Exchange Flow (Synchronous or Asynchronous):

  1. Source Application: An internal or external cloud-native application triggers a data exchange, either synchronously (e.g., API call) or asynchronously (e.g., publishing an event to a stream).
  2. Native Integration Component: The source application's built-in integration component or connector serializes the data and initiates a connection to the target application. This component handles protocol conversion and ensures secure transport.
  3. Secure Communication Channel: Data traverses a pre-established, vendor-managed, and implicitly secured channel, leveraging underlying cloud network infrastructure. This channel often operates within a trusted platform boundary or is secured via mutual authentication, potentially bypassing traditional perimeter security layers.
  4. Target Application: The target application's native integration component receives, authenticates, and validates the incoming data or event.
  5. Target Workload: The target application processes the data, performs business logic, and persists the information or triggers further actions. A response (for synchronous flows) or acknowledgment (for asynchronous flows) is then sent back via the native integration channel.

Additional Details

  • Vendor Certification: Prioritize native integrations that are officially supported and certified by both platform vendors, ensuring compatibility, ongoing maintenance, and robust security posture.
  • Configuration as Code: Manage native integration configurations, including connection parameters and security credentials, as code artifacts (e.g., YAML, JSON) within a version control system and deploy them via automated CI/CD pipelines.
  • Observability: Implement comprehensive logging, monitoring, and tracing capabilities provided by the native integration platforms. This includes tracking data exchange status, latency, error rates, and auditing access to ensure transparency and troubleshoot issues effectively.
  • Data Governance: Ensure the native integration adheres to organizational data governance policies, including data residency, classification, and retention. Validate that sensitive data is appropriately handled and encrypted at all stages of the exchange.
  • Scalability & Resiliency: Native integrations are typically designed to leverage the inherent scalability and resiliency of the underlying cloud platform. Validate that the configured integration points can handle anticipated load and failover scenarios without manual intervention.

Security Controls

  • Transport Security: Enforce strict Transport Layer Security (TLS 1.2 or higher) on all integration endpoints to protect data in transit.
  • Authentication & Authorization:
    • For system-to-system integrations, utilize robust mechanisms such as OAuth 2.0 (Client Credentials Grant), Mutual TLS (mTLS), or Service Account-based authentication where supported natively by the platform.
    • API Keys should be used judiciously, primarily for identification or rate limiting, not as the sole authentication mechanism.
    • Implement Role-Based Access Control (RBAC) to ensure the integration components operate with the principle of least privilege.
  • Data Encryption: Ensure sensitive data is encrypted at rest within the integrated applications' storage mechanisms, adhering to data residency and compliance requirements.
  • Auditing and Logging: Enable comprehensive logging and auditing for all integration activities, including successful and failed data exchanges, authentication attempts, and authorization decisions. Centralize logs for monitoring and compliance.
  • Vulnerability Management & Testing: Regularly perform security assessments, penetration testing, and vulnerability scanning on the integrated applications and their connecting components to identify and remediate potential weaknesses.
  • Configuration Management: Treat all integration configurations, including security settings, as immutable infrastructure and manage them via Infrastructure as Code (IaC) principles.