Amplify Content Discovery with Customer-Managed Keys

The benefits of encryption have been established beyond doubt. However, some companies have stricter requirements on how encryption keys are managed and who has access to them, whether as a result of a strict compliance environment, or the need for extra layers of security for sensitive data .

While AlphaSense has a robust process to oversee the security keys we use to encrypt our customers’ content, we are always looking for opportunities to provide several options to protect your data.

As part of that initiative, to provide extra layers of security and the ability to better leverage internal content, Customer-Managed Encryption Keys (CMKs) are now available to clients. This option allows you to bring your own encryption keys into AlphaSense and encrypt the data your organization uploads to the platform. In this model, organizations retain the ownership and management of encryption keys.

AlphaSense-Managed Encryption Keys

AlphaSense customers have uploaded their proprietary content into our platform for many years. Accordingly, protecting and safe-guarding this sensitive information has been our utmost priority. We ensure that every client’s information is securely stored in isolated object storage buckets like AWS Simple Storage Service (S3), and is encrypted at-rest and in-use. You can read more about our data security and encryption process here.

Enterprise-grade security infrastructure ensures compliance with global data security standards, including:

• ISO/IEC 27001 certification
• SOC 2 compliant
• Accredited third-party penetration testing
• Client content automatically encrypted using AES 256
• GDPR compliant

We also have a robust process in place to manage our encryption keys. This oversight includes generating, deploying, storing, archiving, and deleting keys. Additionally, we perform other important management functions such as rotating, replicating, and backing up keys.

While service providers like AlphaSense can manage the encryption process and clients can realize benefits such as cost savings and lower overhead expense, ultimately the customer does not own or control the encryption or the encryption keys.

With customer-managed encryption, also known as bring-your-own-key (BYOK), clients have the option to control the encryption of data at-rest using their own keys at the application level.

The Case for Customer-Managed Encryption Keys

With AlphaSense’s Customer-Managed Encryption Keys (CMK), the encryption keys used to encode and decode your proprietary data reside solely within the control of your organization’s IT and Infosec teams, offering a layer of protection against third-party access.

This feature ensures that customers using the CMK option have full control over their data security while leveraging our platform. As a result, they can exercise control and revoke their organization’s keys at will, further enhancing data confidentiality and compliance with regulatory requirements. 

Benefits of Customer-Managed Encryption 

• Enhanced Data Security: By retaining ownership of encryption keys, organizations can fortify their data security posture and mitigate the risk of unauthorized access or data breaches.
  
• Regulatory Compliance: Many industries are subject to stringent data protection regulations, such as GDPR (General Data Protection and Regulation) and HIPAA (Health Insurance Portability and Accountability Act). Customer-owned encryption enables organizations to ensure compliance with regulatory requirements by exercising direct control over encryption keys.
  
• Data Sovereignty: For organizations operating in regions with strict data sovereignty laws, customer-owned encryption along with storing content in their own object storage bucket—like S3—offers a means of preserving data residency and sovereignty.
  
• Mitigation of Third-Party Risks: Customer-owned encryption empowers organizations to reduce dependency on external entities and mitigates the potential consequences of exposures or breaches.

How do AlphaSense Customer-Managed Keys Work? 

Effective key management encompasses a process of key generation, storage, distribution, rotation, and revocation—all of which are crucial for maintaining the integrity and confidentiality of encrypted data. AlphaSense customers with an Enterprise Intelligence license will receive access to the AlphaSense AWS Key Management Service (KMS) module to securely create and grant access to their Customer Master Key (CMK) as shown below. 

With this setup, AlphaSense can perform the encryption on your data that is uploaded to our platform. We have a comprehensive guide to help IT and Infosec teams configure this process with a few simple steps. Check out our Developer Portal for detailed documentation.

Bring Your Own S3 Bucket for Storage

In addition to allowing clients to own and manage encryption keys, AlphaSense now also offers the option to securely store proprietary content within your own S3 bucket, managed by your organization’s cloud operations team.

With this option we store uploaded content in an AWS S3 bucket that you have provisioned for AlphaSense within your own AWS infrastructure. Permissions to this S3 bucket are shared only with the AlphaSense application for the purpose of indexing and opening the content when requested by your users. Our Client Data Encryption Guide provides the necessary settings for your AWS account and our own configurations to enable this option.

User Authentication and Data Transmission Security

AlphaSense supports SAML 2.0 and uses OAuth2 standard authorization. User authentication data is stored in the application’s internal database. All end user communication to AlphaSense servers is via HTTPS secure web protocol and is secured behind a user-authenticated login process. All user requests are authenticated using one-way encryption against a highly secure database, and by named servers with specific access keys.

Connections to the AlphaSense website are encrypted and authenticated using TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM. User data is stored with scrambled names mapped to user-specified names through a second secure mapping layer. This ensures that in the unlikely event of a breach, an intruder will be unable to ascertain file names or view any content. For data in transit, SSL encryption is used to secure the transport of sensitive data across the following environments:

• SSL encryption on TCP
• Web-based content and applications using port TCP 443 (HTTPS)
• Secure SES for alerts and incoming emails

Maximize Content Discovery Without Compromising Security

AlphaSense is continuously rolling out data hosting options and encryption mechanisms to offer flexibility in how our customers protect their proprietary content. Combining these new features with our existing network and data transmission security standards positions AlphaSense as a leading provider of secure knowledge discovery capabilities for the modern enterprise.

AlphaSense’s Enterprise Intelligence offering solves the problem of fragmented internal knowledge that many investment teams and organizations face, serving as a secure market intelligence solution that layers AI search and summarization technology onto a consolidated library of both your proprietary internal research and premium market intelligence content.

With Enterprise Intelligence, you can unlock the value of your firm’s prized institutional knowledge buried in PDFs, SharePoint documents, CIMs and Excel sheets. It allows your organization to centralize siloed research workflows, prevent research duplication, and make more informed, data-driven investment decisions.

Harness the power of genAI and competitively position your team—start your free trial of Enterprise Intelligence today.