Security

Alpin's Commitment to Security

We help you secure your SaaS environment. That includes protecting your SaaS subscription and user data inside Alpin. We understand the sensitive and confidential nature of this information, and therefore, Alpin itself must be secure. We safeguard customer data through technologies, policies, and procedures expected by enterprise customers. This includes encryption, TLS, penetration testing, ISO 27001-certified partners, a least-privileged access model, and more.

Alpin is the latest product from the team that built Logrr — a cryptography-based identity and access management product for security-focused enterprises. This SSO + MFA product, like Alpin, was developed with security as the paramount concern. Subjected to a four-week, four-person penetration test by one of the world’s largest financial institutions, Logrr earned a rare “green” report. Alpin continues that commitment to security.

Platform

Connection Security

Connections to Alpin employ Transport Layer Security (TLS) to protect and encrypt data communication. If you signed up for Alpin using your G Suite or Office 365 account, you will use OAuth 2.0 to access your account data. This open standard allows you to authorize Alpin to access your SaaS applications without sharing personal account credentials. Your passwords are never known to, stored by, or shared with us. If you signed up for Alpin using an email address and password, we don’t store that password. Similarly, connections to SaaS applications integrated with Alpin use OAuth 2.0 or similar technologies to access those applications via APIs (application programming interfaces), which means we never see your passwords.

Network Security

We take a “defense in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Our security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.

Data Center Security

Alpin’s Microsoft Azure servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. This includes perimeter defenses, controlled access, 24/7/365 monitoring and surveillance, on-site security staff, and regular security audits. Azure is certified and complies with SOC 1, SOC 2, ISO 27001, ISO 27018, ISO 22301, HIPAA, FedRAMP, and country-specific standards such as Australia RAP, UK-GCloud, and Singapore MTCS.

Data Segregation

We isolate your data in multiple ways across our products, including separate databases for each customer, encryption, and session controls that allow each customer to access only their data.

Vulnerability Testing

Our site is subjected to independent, ongoing penetration testing, security scans, and threat detection reviews.

User Control

You authorize users who can access your organization’s data in Alpin. Such users must receive an invitation to join your Alpin instance, and access can be revoked at any time. Connecting to SaaS applications integrated with Alpin requires an enterprise admin with credentials for those applications to configure and approve each API connection.

Availability

We are committed to making Alpin consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Scalability

We designed Alpin to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and all of our other customers.

Practices

Data Access

We adhere to the principle of “least privilege,” and data is accessible only to authorized Alpin personnel as required to operate the service.

Confidentiality and Information Security

We require all employees and contractors to sign and abide by non-disclosure confidentiality agreements, and to comply with our information security policies. We include provisions in our Master Subscription Agreement and Privacy Policy to protect your information, prohibiting us from disclosing customer data without written consent, except where required by law.

Training

We provide training to all employees on our information security practices during their new hire orientation, with refresher courses given annually to keep staff current. As new threats emerge, or changes are made to our security practices, we communicate the changes and educate employees in a timely manner.

Privacy

Privacy Policy

Alpin’s Privacy Policy, which describes how we handle data input into Alpin, can be found at alpin.io/privacy.

Master Subscription Agreement

Our Master Subscription Agreement, which describes our commitments to you as a customer, can be found at alpin.io/master-subscription-agreement.

How You Can Help

Reporting

Your help with identifying potential issues and ways to improve our service is always appreciated. If you have identified a vulnerability, please send a report to security@alpin.io.

Passwords

If your account does not leverage the security of OAuth 2.0 via G Suite or Office 365, require your employees to set strong passwords to access your Alpin instance.

Client Security

Secure your systems by keeping your browsers up to date. Protect your desktops, notebooks, and mobile devices from attack by keeping your operating systems and antivirus and anti-malware systems current.

Phishing

Protect your employees from phishing attacks through email filtering and registering alpin.io as a trusted email source. If you receive a suspicious email, make sure you:

  • Do not click on any link or attachment contained in the email.
  • Do not reply to the email.
  • Report the email by forwarding it to security@alpin.io if it is Alpin-branded.
  • Delete the email.
  • Update your antivirus and anti-malware systems and run a full scan on your computer.