Auto Insights provides a multi-tenanted, cloud-based, SaaS solution, where multiple
clients share the same underlying infrastructure. Ensuring that data remains
separated across clients is of utmost importance.
This document describes the different layers of security and segregation we employ
to keep data safely compartmentalized.
User Access Model
Application-level segregation is achieved through Auto Insights' own user
management system: a hierarchical access model of Organizations, Groups, and
Users that provides logical segregation of each client's data.
An Organization may be an individual company or a business unit within a larger
company. Every resource in the system, including Groups, Users, and Datasets, must
belong to exactly one organization and cannot be moved to a different organization.
Groups link users to datasets within the same organization. A group can contain
multiple users and grants access to multiple datasets of that organization, with
fine-grained access control. In addition, each group can be configured with a
different permission level (see the documentation on permission levels for
details).
A user can hold different permission levels on different datasets by belonging to
several groups. Datasets can never be shared between organizations.
Multiple controls are in place during the software development lifecycle to ensure
the user access model is adhered to. This includes (but is not limited to) code
reviews, high-level architectural reviews and targeted security reviews. Additionally,
all Auto Insights software engineers receive training on secure coding practices.
Users authenticate to the application with a JWT. Every request is then authorized
against the organization and group membership of the authenticated user, so dataset
access is enforced at the authorization layer and datasets remain segregated from a
user's point of view.
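The following is an added example, not Auto Insights' own code, that models the access model described above: organizations own datasets and groups, groups grant permission levels on datasets to their members, and the organization check is applied before any group membership is consulted. The permission level names, the claim names `sub` and `org`, the stdlib HS256 JWT handling and the sample directory are all assumptions made for the example; the point is that the user and organization used for the decision come from the verified token, never from the request.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hypothetical permission levels, lowest to highest; the real names are not on the page.
LEVEL_NAMES = ["none", "view", "edit", "admin"]
LEVELS = {name: rank for rank, name in enumerate(LEVEL_NAMES)}


@dataclass(frozen=True)
class Dataset:
    id: str
    org_id: str          # fixed at import time; a dataset never changes organization


@dataclass
class Group:
    id: str
    org_id: str          # a group belongs to exactly one organization
    members: set         # user ids
    grants: dict         # dataset_id -> level name


@dataclass
class Directory:
    datasets: dict = field(default_factory=dict)   # dataset_id -> Dataset
    groups: dict = field(default_factory=dict)     # group_id -> Group


def effective_level(directory, user_id, user_org, dataset_id):
    """Highest level any of the user's groups grants on the dataset, or 'none'.

    The organization check is unconditional and comes first: a dataset from another
    organization is treated as nonexistent, so group membership is never consulted.
    """
    dataset = directory.datasets.get(dataset_id)
    if dataset is None or dataset.org_id != user_org:
        return "none"
    best = LEVELS["none"]
    for group in directory.groups.values():
        if group.org_id != user_org or user_id not in group.members:
            continue
        best = max(best, LEVELS.get(group.grants.get(dataset_id, "none"), 0))
    return LEVEL_NAMES[best]


# Minimal HS256 JWT handling, stdlib only (assumed; a real service would use a vetted library).
def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt_hs256(claims, key):
    """Issue a compact HS256 token; used here only to build sample tokens."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_jwt_hs256(token, key):
    """Return the claims if the token is a validly signed HS256 JWT, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:                      # bad base64, bad UTF-8 or bad JSON
        return None
    if header.get("alg") != "HS256":        # never accept "none" or a switched algorithm
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(payload_b64))


def authorize(directory, token, key, dataset_id, required="view"):
    """Decide a dataset request using only identity taken from the verified token."""
    claims = verify_jwt_hs256(token, key)
    if claims is None or not claims.get("sub") or not claims.get("org"):
        return False
    level = effective_level(directory, claims["sub"], claims["org"], dataset_id)
    return LEVELS[level] >= LEVELS[required]


# Constructed sample directory: two organizations sharing one instance.
DIRECTORY = Directory(
    datasets={
        "ds-1": Dataset("ds-1", "org-a"),
        "ds-2": Dataset("ds-2", "org-a"),
        "ds-3": Dataset("ds-3", "org-b"),
    },
    groups={
        "a-viewers": Group("a-viewers", "org-a", {"alice"}, {"ds-1": "view"}),
        "a-editors": Group("a-editors", "org-a", {"alice", "bob"}, {"ds-1": "edit", "ds-2": "view"}),
        "b-admins": Group("b-admins", "org-b", {"carol"}, {"ds-3": "admin"}),
    },
)
KEY = b"demo-signing-key"   # constructed for the example; real keys belong in a secret store
```

Because `effective_level` rejects a foreign organization before looking at groups, a user of org-a gets `none` on ds-3 even if an org-b group were misconfigured to list that user; and because `authorize` takes the organization from the signed token, a client cannot reach another tenant's data by editing an organization field in the request.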
Data Storage
Customer data in Auto Insights falls into two categories: source data and
metadata. Source data is the raw data uploaded or imported into Auto Insights by
users. Metadata is information about that data derived by Auto Insights' algorithms, which may include the results of calculations and analysis.
Source data is stored on encrypted disks in Microsoft's Azure cloud. Each
imported dataset is segregated on disk by directory structure, and access to each
directory is controlled according to user permissions.
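The page does not describe the directory layout, so the following added example (not Auto Insights' code) assumes one directory per organization and per dataset, `<root>/<org_id>/<dataset_id>/`, and shows the containment check that a per-dataset directory scheme needs once a client can name a file: the request is resolved on disk and rejected unless the real location stays inside the authorized dataset's directory. The sample tree and file names are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def component(value):
    """Accept an org or dataset id only as a single, plain path component."""
    if not value or value in (".", "..") or any(c in value for c in "/\\\0"):
        raise ValueError(f"invalid path component: {value!r}")
    return value


def dataset_dir(root, org_id, dataset_id):
    # Assumed layout: <root>/<org_id>/<dataset_id>/
    return Path(root) / component(org_id) / component(dataset_id)


def resolve_dataset_file(root, org_id, dataset_id, relative_name):
    """Resolve a client-supplied name inside one dataset's directory, or refuse.

    resolve() normalizes '..' and follows symlinks, so the containment test runs
    on where the file really is, not on the string the client sent.
    """
    base = dataset_dir(root, org_id, dataset_id).resolve()
    candidate = (base / relative_name).resolve()   # an absolute name replaces base entirely
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"{relative_name!r} resolves outside {base}")
    return candidate


def build_sample_root():
    """Throwaway tree with two organizations (constructed sample data)."""
    root = Path(tempfile.mkdtemp(prefix="dataset-dirs-"))
    for org, ds in (("org-a", "ds-1"), ("org-a", "ds-2"), ("org-b", "ds-3")):
        d = root / org / ds
        d.mkdir(parents=True)
        (d / "source.csv").write_text("id,value\n1,42\n")
    # A symlink planted inside ds-1 that points at another tenant's file.
    os.symlink(root / "org-b" / "ds-3" / "source.csv", root / "org-a" / "ds-1" / "escape.csv")
    return root


def try_open(root, org_id, dataset_id, name):
    """First line of the file when the request stays inside the dataset directory,
    'denied' when it would escape, 'missing' when it is contained but absent."""
    try:
        path = resolve_dataset_file(root, org_id, dataset_id, name)
    except (PermissionError, ValueError):
        return "denied"
    if not path.is_file():
        return "missing"
    return path.read_text().splitlines()[0]
```

The check on the resolved path, rather than on the submitted string, is what closes the `..`, absolute-path and symlink routes at once; validating the id components separately stops a crafted organization or dataset id from smuggling separators into the base directory itself.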
Metadata is stored in an Azure-managed MySQL instance. The table schema follows
the logical model described above: all metadata is keyed to an organization. All
metadata is encrypted at rest inside the MySQL database.
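What "keyed to an organization" buys at the query layer is shown by the following added example (not Auto Insights' schema or code; SQLite stands in for MySQL and the tables and sample rows are assumptions). The organization id is carried on every metadata table and tied to the parent dataset by a composite foreign key, so a row can never point at another organization's dataset, and every read includes the organization predicate so that a guessed foreign dataset id returns nothing.

```python
import sqlite3

# Assumed schema: org_id is repeated on the child table and bound to the parent by a
# composite foreign key, so storage itself refuses a cross-organization metadata row.
SCHEMA = """
CREATE TABLE organisation (id TEXT PRIMARY KEY);
CREATE TABLE dataset (
    id     TEXT PRIMARY KEY,
    org_id TEXT NOT NULL REFERENCES organisation(id),
    name   TEXT NOT NULL,
    UNIQUE (id, org_id)
);
CREATE TABLE dataset_metric (
    dataset_id TEXT NOT NULL,
    org_id     TEXT NOT NULL,
    metric     TEXT NOT NULL,
    value      REAL NOT NULL,
    PRIMARY KEY (dataset_id, metric),
    FOREIGN KEY (dataset_id, org_id) REFERENCES dataset(id, org_id)
);
"""


def build_sample_db():
    """In-memory database with two tenants (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite does not enforce FKs by default
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO organisation VALUES (?)", [("org-a",), ("org-b",)])
    conn.executemany("INSERT INTO dataset VALUES (?, ?, ?)",
                     [("ds-1", "org-a", "sales"), ("ds-3", "org-b", "payroll")])
    conn.executemany("INSERT INTO dataset_metric VALUES (?, ?, ?, ?)",
                     [("ds-1", "org-a", "row_count", 1200.0),
                      ("ds-3", "org-b", "row_count", 88.0)])
    conn.commit()
    return conn


def metrics_unscoped(conn, dataset_id):
    """Vulnerable pattern: the dataset id alone selects rows, so any authenticated
    user who guesses or enumerates another tenant's id reads its metadata."""
    rows = conn.execute(
        "SELECT metric, value FROM dataset_metric WHERE dataset_id = ?", (dataset_id,))
    return dict(rows)


def metrics_scoped(conn, org_id, dataset_id):
    """Hardened pattern: org_id comes from the caller's verified session and is part
    of every predicate; a foreign dataset id yields an empty result, not an error."""
    rows = conn.execute(
        "SELECT metric, value FROM dataset_metric WHERE org_id = ? AND dataset_id = ?",
        (org_id, dataset_id))
    return dict(rows)


def insert_metric(conn, org_id, dataset_id, metric, value):
    """True if stored; False when the composite foreign key rejects a row whose
    org_id does not match the dataset's organization."""
    try:
        with conn:   # commits on success, rolls back on error
            conn.execute("INSERT INTO dataset_metric VALUES (?, ?, ?, ?)",
                         (dataset_id, org_id, metric, value))
    except sqlite3.IntegrityError:
        return False
    return True
```

Scoping every query by the organization taken from the session is a second, independent barrier behind the application's group checks: a bug that skips the group lookup still cannot read across tenants, and the composite key means a bug on the write path cannot file one tenant's metadata under another.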
Network Segregation
Networks are physically and logically segregated to separate the development
environment from the production environment. User data is not accessible outside
the production environment.
The production network is partitioned, so the internal network is isolated from the
public-facing application server.
Azure Network Security Groups are used to implement access control list
whitelisting, permitting only the required ports.
Auto Insights hosts are located in a private subnet within a multi-tiered Azure
VNet: inbound connections are accepted only from a load balancer behind the Azure
Network Security Group, and outbound internet connections go through NAT.
Reverse proxies are used to isolate the application servers from clients.