Hi! Has this feature made its way to planning/roadmaps? The ability to control access to Fivetran web UI (and management API(s)) using source IP would be a very effective base security control.

There's a similar request here: https://support.fivetran.com/hc/en-us/community/posts/9863827935127-Dashboard-Improvement-Whitelist-IP-address-access-to-the-dashboard

Hi Phil,

It's currently sitting in our backlog and has not made it's way to a roadmap.
Usually one of our other controls like private link, proxy agent is sufficient for our customers.
Would love to hear more about exactly why it's important.

Thanks,
Pieter

Hi Pieter,

Thanks for the quick reply.

"Usually one of our other controls like private link, proxy agent is sufficient for our customers."

These controls are great for the data-movement plane for sources and destinations that are created legitimately. But are not applicable to the Fivetran control/management plane. As you know, the control plane is what creates sources and destinations, and jobs to move data.

"Would love to hear more about exactly why it's important."

IP source based controls for restricting access to a service's control plane (especially REST API in the case of SaaS) is an important safeguard against the risk of stolen/exfiltrated credentials (API secrets). As a data movement tool Fivetran is potentially a data theft firehose to anyone who gains the ability to create destinations.

The Snowflake account compromises (and subsequent mass data theft) of 2024 were a wake-up call to Snowflake and their customers. Would like to see Fivetran front-foot this risk.

IP source controls are not a panacea, they are an important feature of a defence-in-depth approach to data protection.

Hi there, has there been any progress on getting this into the roadmap?