Auto Insights provides a multi-tenanted, cloud-based, SaaS solution, where multiple clients share the same underlying infrastructure. Ensuring that data remains separated across clients is of utmost importance.
Importante
When Private Data Handling is enabled for your workspace, all of your data uploaded to Analytics Cloud remains within your Private Data Plane infrastructure on AWS, Azure, or GCP as configured. For more information, see Private Data Handling.
This document describes the different layers of security and segregation we employ.
Application-level segregation is achieved through a combination of Alteryx Analytics Cloud's user management system and Auto Insights' own user management system, including a hierarchical user access model that manages Workspaces, Roles, User Groups, Users, and Assets, which effectively achieves logical segregation of data and assets.
Workspaces may be an individual company or business unit within a larger company. All assets throughout Analytics Cloud, including Groups, Users, Datasets, Missions, and Reports must belong to a single workspace and cannot be moved between workspaces once defined. A Workspace is defined within Analytics Cloud, and its access model is inherited and enforced throughout each application including Auto Insights.
Roles (see Roles Page and Permissions Matrix) are a set of privileges that can be assigned to 1 or more Analytics Cloud users, which govern access to applications within the Analytics Cloud workspace. For Example, the Auto Insights Creator Role is required to allow a user to create Datasets, Missions, & Reports within Auto Insights, whereas the Auto Insights Consumer Role allows a user to create only Missions & Reports.
Users can have different permission levels to different Datasets by being part of different Groups and User Groups - see below. Datasets cannot be shared between workspaces.
User Groups (in Analytics Cloud Workspace Admin Console - see User Groups) are used to represent a group of users that have similar access needs, and assigns Users a list of Roles, and is then used to grant access to Assets during the sharing experience - only assets that are shown within the Analytics Cloud Library can be shared via User Groups, for example, Auto Insights Datasets, Designer Cloud Workflows, and Plans. Auto Insights Missions and Reports are not yet supported. User Groups only support Datasets created from Analytics Cloud, and cannot be used to grant access to Datasets created via Designer or Admin Portal.
Groups (in Auto Insights Admin Portal) link Users to Auto Insights Datasets under the same workspace. Each Group could have multiple Users and contains permission to access multiple Datasets with extensive access control, under the same workspace. In addition, each Group can be configured to have different permission levels. Groups only support Datasets created via Designer or Admin Portal, and cannot be used to grant access to Datasets imported from Analytics Cloud.
Multiple controls are in place during the software development life cycle to ensure the user access model is adhered to. This includes (but is not limited to) code reviews, high-level architectural reviews, and targeted security reviews. Additionally, all Auto Insights software engineers receive training on secure coding practices.
User authentication in the application is done using a JWT token. Thus, all datasets are segregated from a user authorization point of view.
Customer data in Auto Insights can be classified into three categories: Source data, Analytics Data and Metadata. Source data is the raw data that was uploaded or imported into Auto Insights by users, stored as a staging file. Analytics data is a copy of the source data that has been processed, analyzed, and loaded into our Analytics database to facilitate real-time queries. Metadata is information about data that are derived by Auto Insights' algorithms, which may include results of calculations and analysis.
Source data is stored as a staging file on encrypted disks, segregated on disk by directory structure. Access to each directory is controlled based on user permissions to the dataset.
Analytics data is stored in our Analytics (OLAP) database, on encrypted disks. Access to the analytics dataset is controlled based on user permissions to the dataset, linked to a workspace.
Metadata is stored in a cloud-managed MySQL instance on encrypted disks. The table schema follows the logical model described in the preceding section, metadata belongs to a specific dataset, linked to a workspace.
The network-level partitioning of system is designed with a focus on security. The development and production networks are kept separate and private, with no direct connections between them.
Inbound connections to the network are carefully managed through a load balancer. This load balancer employs a firewall that only allows connections on specific, pre-determined ports, reducing potential security risks.
For outbound connections, a Network Address Translation (NAT) gateway is used. This helps in managing not only the network's outbound traffic but also adds an extra layer of security by hiding internal IP addresses from the external network.