Alation customers include large global enterprises in financial services, healthcare, insurance, and technology. These companies are subject to rigorous internal and external regulations and information security standards. They are able to continue meeting their security and compliance objectives with Alation as an integral part of their environment—both by applying organization-specific controls and by leveraging the strength of Alation’s product and operational security.
Alation is installed in a secure network behind a firewall, either on-prem or in a cloud. Users authenticate through LDAP or SAML, allowing for SSO. Within the data catalog, users are restricted in what metadata and data they can see. Finally, Alation uses industry-standard encryption with NIST-recommended algorithms to protect both data at rest (AES256) and in motion (TLS 1.2).
Alation has made deep investments in security and privacy and complies with industry best practices. We have adopted and certified against the ISO 27001:2013 framework as a baseline security standard. Our operational security consists of:
- Business Continuity and Disaster Recovery Management
- Organizational and Operational Security
- Secure System Development Life Cycle
- Third-Party Risk Management
- People Operations Security
- Incident Management
- Asset Management
- Access Control
Risk and Vulnerability Management
Alation employs static code analysis, dynamic code analysis, and vulnerability scanners as part of its development and environment maintenance to discover vulnerabilities. Additionally, Alation Corp undergoes a penetration test twice annually and maintains risk management that captures business and third-party risk. We review every third party that is introduced into our infrastructure and conduct annual risk assessments.
Privacy and Compliance
Alation Corp does not store customers’ underlying data. Data acquired through trials and sales is kept in-house and not sold to a third party.
Alation Corp complies with local privacy laws and regulations like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). All personal data requests can be routed to firstname.lastname@example.org.
The management of the information security program to protect all the assets used for design, development, and support of data cataloging software is ISO 27001 certified as of January 29, 2020. Alation’s ISO 27001 certification is available here.