AlphaSense Security & Reliability Overview

This document reviews data security, data architecture, software, and more for an IT audience.

Written by Mark Jones
Updated over a week ago

AlphaSense classifies data in terms of legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Individual organizations, departments, and divisions are responsible for identifying the specific requirements associated with their data, and are accountable for ensuring that their information assets are maintained in accordance with any appropriate legal or business requirements. For more information, visit our Trust Center.


Data Center and Admin Access

AlphaSense partners with Amazon Web Services (AWS), a world-class, secure data center provider, and utilizes its state-of-the-art electronic surveillance and multi-factor access control systems.

Access to servers hosted by AWS is protected by multi-factor authentication (MFA) protocols, and user access control is managed by Identity Access Management tools, via secure communication sessions over SSL/TLS.

User Authentication and Data Transmission Security

All end-user communication to AlphaSense servers is via the HTTPS secure web protocol and behind a user-authenticated login process.

All user requests are authenticated using one-way encryption against a highly secure database, and by named servers with specific access keys.

The connections to the AlphaSense site are encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).
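A client-side check of the negotiated parameters against the ones stated above, added here as an example and not AlphaSense code. The host passed to `probe` is supplied by the reader, the verdict labels are this example's own, and the P-256 curve is not checked.

```python
import socket
import ssl

# Stated on the page: TLS 1.2, ECDHE_RSA key exchange, AES_128_GCM.
# OpenSSL's name for that suite is ECDHE-RSA-AES128-GCM-SHA256.
STATED_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"
VERSION_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def classify(version, cipher):
    """Grade a negotiated session against the stated parameters.

    `cipher` is the tuple SSLSocket.cipher() returns:
    (suite name, protocol string, secret bits).
    """
    name, _protocol, bits = cipher
    if VERSION_RANK.get(version, -1) < VERSION_RANK["TLSv1.2"]:
        return f"below-stated: protocol {version}"
    if bits < 128 or not any(marker in name for marker in AEAD_MARKERS):
        return f"below-stated: cipher {name}"
    if version == "TLSv1.2":
        if not name.startswith("ECDHE-"):
            return f"below-stated: key exchange is not ECDHE in {name}"
        if name == STATED_SUITE:
            return "matches-stated"
        return f"meets-baseline: {name}"
    # TLS 1.3 suites are AEAD-only; the key exchange group is negotiated
    # separately from the suite name and is not inspected here.
    return f"meets-baseline: {version} {name}"


def pinned_context():
    """Client context that can only negotiate the stated version and suite."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STATED_SUITE)
    return ctx


def probe(host, port=443, pinned=False, timeout=5.0):
    """Handshake with `host` and grade what was negotiated.

    pinned=False shows what an ordinary client gets; pinned=True raises
    ssl.SSLError if the server will not accept the stated suite at all.
    """
    ctx = pinned_context() if pinned else ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return classify(tls.version(), tls.cipher())
```

Run `probe(host)` and `probe(host, pinned=True)` from the network segment the users sit on, so that any TLS-inspecting proxy in the path is what gets graded.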

User data is stored with scrambled names mapped to user-specified names through a second secure mapping layer. This ensures that in the unlikely event of an intrusion, an intruder will be unable to ascertain file names or view any content.

User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard, using 256-bit encryption keys. Database drives, the search engine, and system drives that store user data are directly encrypted.

Data in Transit

SSL encryption is used to secure the transport of sensitive data across the following environments:

  • SSL encryption on TCP

  • Web-based content and applications using port TCP 443 (HTTPS)

  • Secure SES for alerts and incoming emails

Network Security

AlphaSense servers are hosted behind a firewall with ingress and egress ports turned off, and limited to a single HTTPS access on the server catering to user requests.

Subsystems are further isolated to Virtual Private Clouds without Internet access, which limits access to only specific named servers within the firewall, and via highly secure, one-way encryption keys.

Physical Security

We use AWS to host our infrastructure. Physical access to data centers is restricted as per AWS physical security protocols. The measures are described here: https://aws.amazon.com/compliance/data-center/controls/

Local access to AlphaSense offices is via keycard and biometric security access, which is provided to employees. CCTV cameras cover the perimeter, building, and office space, and security guards continuously monitor all cameras.

Single Sign-On (SSO)

AlphaSense supports SAML 2.0 and uses OAuth2 standard authorization.

User authentication data is stored in the application's internal database. We don't support authentication against customer's LDAP or Active Directory.

Data Retention Policies

AlphaSense only retains information for as long as the company has a legitimate, continued need for it or in accordance with applicable legal or regulatory requirements. Once data is no longer required, it is to be either disposed of or archived. While disposal is the preferred outcome for data that is no longer required, archival is an option for business units who believe there may be some uncertainty regarding future requirements for aged data. Data owners are responsible for determining the appropriate retention period(s) for their data and working with IT to ensure that it is aged in accordance with any appropriate regulations or other requirements.

Unless notified of special retention requirements for information by the data owner, AlphaSense IT will apply default retention periods and disposal requirements on all company data, based on its classification.

Data owners of Confidential and Private data are required to specify the data retention period, determined through consultation with the legal department. Business units should carefully consider the costs and legal risks associated with data retention vs. archival or data destruction when establishing retention standards for their data.

FINRA/SEC RULE 17A-4(F)

AlphaSense complies with write once read many (WORM) retention requirements, like SEC 17A-4.

Confidential Data

There is no default retention period for confidential information. Data must be encrypted where possible, using approved cryptographic algorithms and key strength.

Private Data

Unless otherwise specified below by the data owner, all data classified as AlphaSense Private Data is retained for five (5) years by default. Archival to electronic media is an available option for this class of data and archival records can be retained by the data owner as long as deemed necessary and appropriate.

Internal Data

The default retention period for AlphaSense Internal data is three (3) years, at which time it is subject to disposal. If archival is required or desired, data owners must submit a request to IT prior to the scheduled destruction date, and must be approved by the requestor’s supervisor. Electronic media and paper records containing AlphaSense Internal data must be disposed of using approved, secure methods.

Public Data

Public data is retained seven (7) years by default, though its public availability should be reviewed at least annually. Upon reaching the end of its retention period, all AlphaSense Public data is to be archived prior to destruction. No special disposal methods are required for Public data.

Personally Identifiable Information

Personally identifiable information will be disposed of when the legal conditions for retaining it terminate. Users will be given one month to respond with any special requirements for archiving or to request exceptions from AlphaSense data retention policies, after which time IT will dispose of the data in accordance with this policy.

Legal Requirements

Under certain circumstances, AlphaSense may become subject to legal requirements requiring retention of data associated with legal holds, lawsuits, or other matters as stipulated by AlphaSense’s Legal department. Such records and information are exempt from any other requirements specified within this Data Management Policy and are to be retained in accordance with requirements identified by the Legal department.

Threat and Vulnerability / Intrusion Detection

The entire site is constantly monitored and any access in or out is logged for access anomaly detection.

The site is regularly tested for penetration and vulnerability by trained security specialists.

We perform annual external penetration testing using an accredited vendor. Available on request under signed NDA or similar obligations of non-disclosure.

Web service uptime at the server level is continuously monitored for any unexpected downtime incidents or high usage that could portend denial of service attacks.

All VPC flow logs are enabled with AWS Config rules. They are sent to AWS GuardDuty to detect any malicious activity and are reviewed regularly. No customer data is stored in these logs, as they are infrastructure-level logs.

AlphaSense Enterprise Security

We use the Carbon Black solution with EDR capability. Signatures are updated regularly as they are released by the vendor. Emails are scanned by our email protection system. Antivirus scans all files on access and has the capability to run scans on web applications as well.

We use the Avanan email protection system as our secure email gateway for all inbound and outbound emails to protect our employees from phishing attacks and spam.

Audit Controls / User Activity Reporting

AlphaSense maintains logs of all user activity and can provide utilization reports upon client request.

Client security teams can limit AlphaSense functionality and broad access controls at a user-by-user level.

Content Integration Overview by Channel Type

Manual/One Time Uploads

Email In

  • Whitelisting Email Address [email protected] and [email protected]

  • For auto-forwarding considerations -- lift restrictions on auto-forwarding (?)

    • Outlook Considerations

      • Server must allow users to create auto-forwarding rules in order to push content from Outlook into AlphaSense

    • Gmail Considerations

      • Gmail Auto-Forwarding rules require a Confirmation Code be sent to the receiver of the auto-forward which would be [email protected] or [email protected]

      • This Confirmation Code will be returned to the client for activation of the auto-forward rule

  • How we are processing documents:

Capacity limitations

Message body size limit set to 8 Mb.

Google Mail sets body + attachments size summary limit to 25 Mb.

AlphaSense processing and UI sets indexable and downloadable count limits to 10 attachments + the main email body.

Manual File Uploads

  • Are there any known constraints & firewall/permissioning we encounter for manual uploads? - As long as SFTP is open on the client's firewall, upload should work.

  • Capacity Limitations

    • 250 Documents, with each document having a maximum limit of 100MB, for each upload

    • Specific File Type Supported - txt, html, htm, pdf, doc, docx, ppt, pptx, xls, xlsx, msg, eml, csv, xlsb, xlsm, one, tsv, ods

    • The Uploads feature lets users upload files and add tags and tickers while ingesting the documents

Web Clipper

  • This plug-in is compatible with Chrome Browsers (and Safari for Mobile Devices)

  • Plug-in can be downloaded here and is subject to default IT permissions to download and install from Chrome Web Applications Store

    • Select web pages also are password protected and/or have web crawling limitations that prevent actual extraction of webpage content.

  • SSO users of Web Clipper will be logged in at AlphaSense UI upon download/install, then credentials are automatically recognized

Automatic/Continuous Sync

FileSync

Recommended Virtual Machine Requirements:

  • OS- Windows 7+

  • Min- 1 Core Recommended- 2 Cores

  • Min- 1GB RAM Recommended- 2GB or more

  • Memory- 10GB+ Recommended- 15GB+ for system

To install FileSync in the virtual machine, they can download MSI here:

  • Requirements in Accessing Folders in Local Desktop & Network Drives

    • We are able to sync local and network drives, with specific requirements

      • Network Drives have to be mapped to LOCAL that provides labeling. This enables FileSync App to recognize changes in the folders directly & create a background sync connection.

      • NOTE: The Virtual Machine User should have READ & WRITE permission to the respective folders being synced into AlphaSense.

  • FileSync Default Settings

    • Ensure we have the following ENABLED

      • “Enable system tray notifications” -- informs new updates on synced folders

      • “Auto start AlphaSense File Sync after login” -- allows AlphaSense to have live connection upon account log-in

      • “Auto create team tags from folder name” -- replicates the Folder Name in Team Tag structure within AS UI

      • Default Download & Upload Speed both at “0”

  • NOTE: FileSync is an external MSI application, which gets restarted on machine restart (it is not an application service controlled under Windows Services)

  • Proxy Settings

If the user leverages a proxy server, there are a few configuration recommendations

  • If proxy servers are in place, you can check the following URLs to verify successful connection to AlphaSense endpoints

If connection to these endpoints is unsuccessful, the user is unlikely to be able to connect and authenticate FileSync, and would receive the following error message: ‘Network Error:\n Connection refused’

Else, if failure persists, the IT team should check CONNECTIONS setting on the local machine.

Evernote

  • Types of Evernote Account Supported -- Business & Personal

  • Users may be required to unblock/permission pop ups

  • AlphaSense leverages Evernote’s OAuth window. Please be sure to authorize the account connection

OneNote or SharePoint

AlphaSense leverages the Microsoft Graph API to credential users who are syncing these sources. A user can utilize their Microsoft credentials to create a connection for their OneNote or SharePoint account and AlphaSense.

Depending on a user’s firm policy, this connection may be unrestricted and immediately allow users to see their OneNote Notebooks or SharePoint Folders. They can proceed to sync these items, and once the sync is completed, any additions, deletions or edits to notes or files in these Notebooks or Folders at source will be reflected in AlphaSense.

In most cases, companies restrict user access and users might see similar messages as below. At this point, AlphaSense is passing a request to the user's IT administrators to enable this connection.

IT Administrators can go to Microsoft Azure Portal and review items under Activity → Admin consent requests. AlphaSense OneNote or AlphaSense SharePoint should appear on the list and will be subject to IT Admin’s permissioning.

Per Azure:

Select an application to review who requested access. After selecting an application, you will be able to approve, block, or deny the admin consent requests for the selected application.

Approving the application requires you to review the application’s permissions and grant admin consent. Granting admin consent to the application will add it to your directory and all users will be able to access it unless you restrict access to the application.

Blocking the application means that it will be added to your directory with a disabled status. Users won't be able to use it or access it.

Denying the admin consent request will not block or add the application to your directory. The request will be ignored, but may return if another user requests access.

IT Administrators may choose two different paths to permissioning under Manage → User Settings

  • Option 1 will enable users to consent app connections (such as AlphaSense) to their OneNote or SharePoint account without an IT administrator.

  • Option 2 will send an IT administrator a request and the user will receive a message requiring Admin Approval each time a new app is being registered.

Box

Integrate documents from your Box account into AlphaSense, easily expanding your access to valuable internal content on the AlphaSense platform, creating a more seamless workflow experience.

By syncing your Box content to AlphaSense, you'll not only save time not needing to check multiple, disparate systems but also increase your confidence by searching all your content sets in one platform.

To sync your account:

  1. Select Integrations on the left-hand sidebar of the platform

  2. Select Box

  3. Click Connect Box to be redirected to an authorization window where you may sign in.

  4. Once authorized, you will be able to select the folders you want to automatically sync to AlphaSense

Considerations

  • Depending on your organization's settings, you might need to get in contact with your Box administrator

  • Both new and existing folders will default to being auto-synced

  • Updates to previously uploaded, editable files (ex: Word, Excel, etc) will not overwrite highlights/annotations made in AlphaSense.

Bulk / Programmatic Uploads

SFTP

What is it?

The SFTP solution is crafted to facilitate swift uploads of substantial data volumes within the AlphaSense platform. It streamlines the process of importing content from shared network drives, ensuring seamless transfers without interruptions or the need for manual interventions. Additionally, it empowers users to sync multiple folders from a Windows machine directly into the AlphaSense platform.

For more details, please refer to the Installation guide: https://download.alpha-sense.services/sftp-sync/SFTP%20Sync%20Installation%20Guide.pdf

Who is it suited for?

The SFTP solution is ideal for customers aiming to transfer significant volumes of their internal content without the necessity to restore metadata linked to individual documents. Not requiring a dedicated technical team for setup, this solution also offers the advantage of enabling users to effortlessly utilize Auto-synchronization features for folders.

Features Capabilities:

  • Support Bulk Uploads

  • Auto Synchronization of Folders

  • Folder based Auto tagging

Limitations:

  • No Custom tags

  • No Custom Sharing

  • No custom Company tickers

  • Cannot delete a whole folder

Ingestion API

What is it?

The Ingestion API presents a streamlined, API-based solution for the bulk upload of customers' internal content. This includes essential metadata linked to pertinent documents. Additionally, it empowers users by enabling attachment uploads and customized document sharing options.

Following the ingestion of internal content, the platform allows convenient access via search functionalities. Users can efficiently navigate and locate content by applying diverse filters and keyword searches within the AS platform.

Who is it suited for?

The Ingestion API is targeted towards customers seeking to migrate their internal content into AS, while preserving metadata and gaining enhanced control over document entitlements. Integration with the customer's internal content repository is imperative for leveraging the API's capabilities, necessitating a dedicated technical team from the customer's end to effectively utilize the Ingestion API features.

Requesting an API Key

To enhance the security and management of our services, we currently handle API key distribution through a manual request process. If you require an API key for either SaaS or Private Cloud application, please follow the steps below:

  1. Submit Your Request: Reach out to us via our designated contact channel (e.g., email, contact form). Please provide the following details:

    1. Organization Name: The name of your organization or company.

    2. Valid Email Address: An email address where we can send the API key and further instructions.

  2. Review Process: Our team will review your request to ensure compliance with our usage policies and terms of service.

  3. Key Issuance: Once approved, we will issue your API key and send it to the provided email address along with any necessary instructions and documentation.
