
Data Segregation

Auto Insights provides a multi-tenanted, cloud-based, SaaS solution, where multiple clients share the same underlying infrastructure. Ensuring that data remains separated across clients is of utmost importance.

This document describes the different layers of security and segregation we employ.

Application-Level Segregation

User Access Model

Application-level segregation is achieved through Auto Insights' own user management system: a hierarchical user access model of Organizations, Groups, and Users that provides logical segregation of datasets.

Organizations may be an individual company or a business unit within a larger company. Every resource in the system, including Groups, Users, and Datasets, must belong to a single Organization and cannot be moved to a different Organization once defined.

Groups link Users to Datasets within the same Organization. A Group may contain multiple Users and may hold permissions to access multiple Datasets, all within that Organization, with extensive access control. In addition, each Group can be configured with a different permission level.

Users can have different permission levels to different datasets by being part of different groups. No user can share datasets between organizations. Multiple controls are in place during the software development life cycle to ensure the user access model is adhered to. This includes (but is not limited to) code reviews, high-level architectural reviews, and targeted security reviews. Additionally, all Auto Insights software engineers receive training on secure coding practices.

User Authentication

User authentication in the application is performed with a JSON Web Token (JWT); as a result, all datasets are segregated from a user-authorization point of view.
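As an added example (not Auto Insights' own code), the following Python shows how a JWT-authenticated request can be resolved through the Organization, Group, and User model described above: the token binds the caller to one Organization, and a dataset belonging to another Organization is denied regardless of group membership. The HS256 secret, the claim names (sub, org, exp), the two permission levels and the constructed directory of Organizations, Groups and Datasets are all assumptions made for the illustration.

```python
# Added example, not Auto Insights code. Verifies an HS256 JWT with the standard
# library, then resolves the caller's effective permission on a dataset through
# the Organization -> Group -> User model. Secret, claim names and the sample
# directory below are constructed assumptions.
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

SECRET = b"constructed-demo-secret"  # placeholder; a real service loads this from a secret store
PERMISSION_RANK = {"none": 0, "read": 1, "write": 2}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, org_id: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    # The "org" claim ties the user to exactly one Organization for the token's lifetime.
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user_id, "org": org_id, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> dict:
    # Returns the claims, or raises PermissionError on any defect.
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header, payload, sig = parts
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # pin the algorithm; never trust the header's choice
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims.get("exp", 0) <= now:
        raise PermissionError("expired")
    return claims


def token_is_valid(token: str, now: Optional[int] = None) -> bool:
    try:
        verify_token(token, now)
        return True
    except (PermissionError, ValueError):  # ValueError covers undecodable base64/JSON
        return False


@dataclass(frozen=True)
class Group:
    group_id: str
    org_id: str
    members: frozenset
    dataset_permissions: dict  # dataset_id -> "read" | "write"


# Constructed directory: two Organizations that must never see each other's data.
DATASET_ORG = {"sales-2024": "org-acme", "payroll": "org-acme", "ledger": "org-globex"}
GROUPS = {
    "acme-analysts": Group("acme-analysts", "org-acme", frozenset({"alice", "bob"}), {"sales-2024": "read"}),
    "acme-finance": Group("acme-finance", "org-acme", frozenset({"bob"}), {"sales-2024": "write", "payroll": "read"}),
    "globex-all": Group("globex-all", "org-globex", frozenset({"carol"}), {"ledger": "write"}),
}


def effective_permission(dataset_org: dict, groups: dict, user_id: str, user_org: str, dataset_id: str) -> str:
    # Highest permission any of the user's groups grants; "none" across Organizations.
    owner = dataset_org.get(dataset_id)
    if owner is None or owner != user_org:
        return "none"  # cross-Organization access is denied without revealing that the dataset exists
    best = "none"
    for group in groups.values():
        if group.org_id != owner or user_id not in group.members:
            continue
        granted = group.dataset_permissions.get(dataset_id, "none")
        if PERMISSION_RANK[granted] > PERMISSION_RANK[best]:
            best = granted
    return best


def authorize(token: str, dataset_id: str, action: str, now: Optional[int] = None) -> bool:
    # Authenticate with the JWT first, then authorize against the access model.
    claims = verify_token(token, now)
    granted = effective_permission(DATASET_ORG, GROUPS, claims["sub"], claims["org"], dataset_id)
    return PERMISSION_RANK[granted] >= PERMISSION_RANK[action]
```

The two checks are deliberately separate: verify_token answers "who is this and which Organization are they in", and effective_permission answers "what may that Organization's user do with this dataset". Because the Organization comes from the signed token rather than from a request parameter, a caller cannot name a dataset from another Organization and have the group lookup proceed at all.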

Data-Level Segregation

Customer data in Auto Insights falls into two categories: Metadata and Source data. Source data is the raw data that users uploaded or imported into Auto Insights. Metadata is information about that data derived by Auto Insights' algorithms, which may include the results of calculations and analysis.

Source data is stored on encrypted disks. Each imported dataset is segregated on disk by directory structure. Access to each directory structure is controlled based on user permissions.

Metadata is stored in a cloud-managed MySQL instance. The table schema follows the logical model described in the preceding section: metadata is keyed to an Organization. All metadata is encrypted at rest inside the MySQL database.
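The following added example (not Auto Insights code) illustrates what "metadata keyed to an Organization" looks like at the storage layer: every metadata table carries the org_id, the write path checks that the caller's Organization owns the dataset before accepting a row, and the read path always filters on org_id rather than on dataset_id alone. sqlite3 stands in for the cloud-managed MySQL instance, and the table and column names, tenants and metric values are assumptions constructed for the illustration.

```python
# Added example, not Auto Insights code. sqlite3 stands in for MySQL; schema,
# tenant names and metric values are constructed for the illustration.
import sqlite3

SCHEMA = """
CREATE TABLE organizations (org_id TEXT PRIMARY KEY);
CREATE TABLE datasets (
    dataset_id TEXT PRIMARY KEY,
    org_id     TEXT NOT NULL REFERENCES organizations(org_id),
    name       TEXT NOT NULL
);
CREATE TABLE dataset_metadata (
    dataset_id TEXT NOT NULL REFERENCES datasets(dataset_id),
    org_id     TEXT NOT NULL REFERENCES organizations(org_id),  -- tenant key repeated on purpose
    metric     TEXT NOT NULL,
    value      REAL NOT NULL,
    PRIMARY KEY (dataset_id, metric)
);
"""


class MetadataRepository:
    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("PRAGMA foreign_keys = ON")
        self.conn.executescript(SCHEMA)

    def add_organization(self, org_id: str) -> None:
        self.conn.execute("INSERT INTO organizations VALUES (?)", (org_id,))

    def add_dataset(self, org_id: str, dataset_id: str, name: str) -> None:
        self.conn.execute("INSERT INTO datasets VALUES (?, ?, ?)", (dataset_id, org_id, name))

    def put_metric(self, org_id: str, dataset_id: str, metric: str, value: float) -> None:
        # Write path: the caller's Organization must own the dataset, otherwise the write is refused.
        owned = self.conn.execute(
            "SELECT 1 FROM datasets WHERE dataset_id = ? AND org_id = ?", (dataset_id, org_id)
        ).fetchone()
        if owned is None:
            raise PermissionError("dataset is not owned by the caller's organization")
        self.conn.execute(
            "INSERT OR REPLACE INTO dataset_metadata VALUES (?, ?, ?, ?)",
            (dataset_id, org_id, metric, value),
        )

    def metrics(self, org_id: str, dataset_id: str) -> dict:
        # Read path: org_id is always part of the predicate, never dataset_id alone.
        rows = self.conn.execute(
            "SELECT metric, value FROM dataset_metadata WHERE org_id = ? AND dataset_id = ?",
            (org_id, dataset_id),
        ).fetchall()
        return dict(rows)

    def list_datasets(self, org_id: str) -> list:
        rows = self.conn.execute(
            "SELECT dataset_id FROM datasets WHERE org_id = ? ORDER BY dataset_id", (org_id,)
        ).fetchall()
        return [r[0] for r in rows]


def build_demo_repository() -> MetadataRepository:
    # Constructed tenants and metadata used to exercise the repository.
    repo = MetadataRepository()
    for org in ("org-acme", "org-globex"):
        repo.add_organization(org)
    repo.add_dataset("org-acme", "sales-2024", "Sales 2024")
    repo.add_dataset("org-acme", "payroll", "Payroll")
    repo.add_dataset("org-globex", "ledger", "General ledger")
    repo.put_metric("org-acme", "sales-2024", "row_count", 120000)
    repo.put_metric("org-acme", "sales-2024", "null_ratio", 0.02)
    repo.put_metric("org-globex", "ledger", "row_count", 8000)
    return repo
```

Repeating the tenant key on the metadata table, rather than reaching it only through a join on datasets, means the isolation predicate is a single equality on every table and can be reviewed (or enforced by a row-level policy) without reasoning about join paths.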

Network-level Partitioning

Networks are physically and logically segregated to separate the development environment from the production environment. User data is not physically accessible outside the production environment.

The production network is partitioned, so the internal network is isolated from the public-facing application server.

A Network Security Group implements an access control list that allow-lists only the required ports.

Inbound connections are allowed only from a load balancer behind the Network Security Group, and outbound internet connections go through NAT, since Auto Insights hosts are located in a private subnet within a multi-tiered Azure VNet.
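To make the allow-listing concrete, here is an added example (not Auto Insights configuration) that evaluates NSG-style inbound rules the way Azure processes them, lowest priority number first with an implicit deny for anything unmatched, together with a check that flags allow rules open to any source or any port. The subnets, ports and priorities are constructed values; the load-balancer subnet and the administrative port in the weak rule set are assumptions for the illustration.

```python
# Added example, not Auto Insights configuration. Rule values are constructed;
# the evaluation order (lowest priority number first, default deny) mirrors
# Azure NSG semantics.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first, as in Azure NSGs
    action: str     # "allow" or "deny"
    source: str     # source CIDR
    ports: str      # "443", "8000-8100" or "*"
    protocol: str   # "tcp", "udp" or "*"


def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, src_ip: str, dst_port: int, protocol: str) -> str:
    # The first matching rule in priority order decides; no match means deny.
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if src not in ipaddress.ip_network(rule.source):
            continue
        if not port_matches(rule.ports, dst_port):
            continue
        return rule.action
    return "deny"


def overly_broad(rules) -> list:
    # Priorities of allow rules that accept any source or any port: these
    # contradict "required ports only" and deserve review.
    return sorted(r.priority for r in rules
                  if r.action == "allow" and (r.source == "0.0.0.0/0" or r.ports == "*"))


# Hardened set: only the (constructed) load-balancer subnet may reach the app tier, only on 443.
HARDENED_INBOUND = [
    Rule(100, "allow", "10.0.1.0/24", "443", "tcp"),
    Rule(4096, "deny", "0.0.0.0/0", "*", "*"),
]

# Weak set: the same rules plus an administrative port opened to every source.
WEAK_INBOUND = HARDENED_INBOUND + [Rule(200, "allow", "0.0.0.0/0", "22", "tcp")]
```

The explicit deny at priority 4096 is redundant with the implicit default, but keeping it makes the intent visible in the rule list and in any diff of the configuration; overly_broad is the kind of check worth running in a pipeline before a rule set is applied.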

Reverse proxies are used to isolate the server from the client.