Alpin's Commitment to Security
We help you secure your SaaS environment. That includes protecting your SaaS subscription and user data inside Alpin. We understand the sensitive and confidential nature of this information, and therefore, Alpin itself must be secure. We safeguard customer data through technologies, policies, and procedures expected by enterprise customers. This includes encryption, TLS, penetration testing, SOC 2 and ISO 27001-certified partners, a least-privileged access model, and more.
Alpin is the latest product from the team that built Logrr -- a cryptography-based identity and access management product for security-focused enterprises. This SSO + MFA product, like Alpin, was developed with security being paramount. Subjected to a four-week, four-person penetration test from one of the world’s largest financial institutions, Logrr earned a rare “green” report. Alpin continues that commitment to security.
Connections to Alpin employ Transport Layer Security (TLS) to protect and encrypt data communication. If you signed up for Alpin using your G Suite or Office 365 account, you will use OAuth 2.0 to access your account data. This open standard allows you to authorize Alpin to access your SaaS applications without sharing personal account credentials. Your passwords are never known to, stored by, or shared with us. If you signed up for Alpin using an email address and password, we don’t store that password. Similarly, connections to SaaS applications integrated with Alpin use OAuth 2.0 or similar technologies to access those applications via APIs (application programming interfaces), which means we never see your passwords.
We take a “defense in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Our security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
Data Center Security
Alpin’s Microsoft Azure servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. This includes perimeter defenses, controlled access, 24/7/365 monitoring and surveillance, on-site security staff, and regular security audits. Azure is certified and complies with SOC 1, SOC 2, ISO 27001, ISO 27018, ISO 22301, HIPAA, FedRAMP, and country-specific standards such as Australia RAP, UK-GCloud, and Singapore MTCS.
We isolate your data in multiple ways across our products, including separate databases for each customer, encryption, and session controls that allow each customer to access only their data.
Our site is subjected to independent, ongoing penetration testing, security scans, and threat detection reviews.
You authorize users who can access your organization’s data in Alpin. Such users must receive an invitation to join your Alpin instance, and access can be revoked at any time. Connecting to SaaS applications integrated with Alpin requires an enterprise admin with credentials for those applications to configure and approve each API connection.
We are committed to making Alpin consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.
We designed Alpin to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and all of our other customers.
We adhere to the principle of “least privilege,” and data is accessible only to authorized Alpin personnel as required to operate the service.
Confidentiality and Information Security
We provide training to all employees on our information security practices during their new hire orientation, with refresher courses given annually to keep staff current. As new threats emerge, or changes are made to our security practices, we communicate the changes and educate employees in a timely manner.
How You Can Help
If your account does not leverage the security of OAuth 2.0 via G Suite and Office 365, require your employees to set strong passwords to access your Alpin instance.
Protect your employees from phishing attacks through email filtering and registering alpin.io as a trusted email source. If you receive a suspicious email, make sure you:
- Do not click on any link or attachment contained in the email.
- Do not reply to the email.
- Report the email by forwarding it to firstname.lastname@example.org if it is Alpin-branded.
- Delete the email.
- Update your antivirus and anti-malware systems and run a full scan on your computer.