Semantria Security Overview

Semantria is a SaaS (Software as a Service) sentiment and text analytics platform that analyzes your unstructured text to provide reliable, actionable insight for informed business decisions. Because of this, security is paramount to ensuring the confidentiality and integrity of our customers’ data and information. Semantria runs on Amazon Web Services (AWS).

AWS is equipped with the following physical security features:

Access Control and Physical Security

  • AWS data centers are housed in nondescript facilities
  • 24-hour security staff patrol the perimeter and guard building ingress points
  • Video surveillance
  • Intrusion detection systems
  • Authorized staff must pass two-factor authentication a minimum of two times to reach the data center floors
  • All visitors and contractors are required to present identification, are signed in, and are continually escorted by authorized staff

Environmental Controls

  • Temperature and humidity control

Fire Detection and Suppression

  • Smoke detection sensors in all Amazon data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms
  • Wet-pipe, double-interlocked pre-action and gaseous sprinkler systems

Semantria’s digital security architecture includes the following features:

Customer Data Security

  • API requests are authenticated through a custom authentication mechanism
    • Every API request carries a unique signature computed with the SHA1 algorithm
    • The API key and secret are unique 128-bit values, which makes them difficult to guess
    • MD5 hashes of the key and secret, rather than the credentials themselves, are stored on the server
  • All data is exchanged over an HTTPS connection
    • 2048-bit RSA keys, supporting 256-bit and 128-bit symmetric cipher suites
    • SHA1 or MD5 for message authentication
    • DHE-RSA as the key exchange mechanism
  • In-memory (RedisIO) databases are used to temporarily store customer data
    • Customer data resides on servers for only a few seconds as it passes through the different stages of analysis
    • N+1 redundancy scheme used for all key system components
    • Customer data is never permanently written on a hard drive
  • Customer data is immediately deleted from servers when:
    • The data has been picked up by the customer
    • The data has not been picked up within 24 hours
  • Semantria employees and contractors do not have access to customer data or API credentials in any form, under any circumstances
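As an added illustration of the request-signing pattern described above, the following Python shows a client signing an API request with HMAC-SHA1 and a server verifying it while holding only an MD5 hash of the secret rather than the secret itself. This is example code written for this overview, not Semantria's SDK or service code: the exact canonical string, the parameter names (api_key, nonce, timestamp, signature), the use of the hashed secret as the HMAC key, and the sample credentials are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed sample credentials (not real Semantria keys): 128-bit values as hex.
API_KEY = "0123456789abcdef0123456789abcdef"
API_SECRET = "fedcba9876543210fedcba9876543210"


def signing_key(secret: str) -> bytes:
    """Assumed scheme: the HMAC key is the MD5 digest of the secret, so the
    server can verify signatures while storing only that digest."""
    return hashlib.md5(secret.encode()).hexdigest().encode()


def canonical_string(method: str, path: str, params: dict) -> str:
    """Build the string both sides sign; sorting makes it order-independent."""
    return f"{method.upper()}&{path}&{urlencode(sorted(params.items()))}"


def sign_request(method, path, params, api_key, api_secret, nonce=None, timestamp=None):
    """Client side: attach key, nonce and timestamp, then sign everything."""
    nonce = nonce or secrets.token_hex(8)
    timestamp = timestamp if timestamp is not None else int(time.time())
    signed = dict(params, api_key=api_key, nonce=nonce, timestamp=timestamp)
    mac = hmac.new(signing_key(api_secret),
                   canonical_string(method, path, signed).encode(), hashlib.sha1)
    signed["signature"] = mac.hexdigest()
    return signed


class Server:
    """Server side: keeps only MD5(secret) per key, plus replay state."""

    def __init__(self, max_skew: int = 300):
        self.keys = {}              # api_key -> MD5 digest of the secret
        self.seen_nonces = set()    # demo only; a real service would expire these
        self.max_skew = max_skew    # tolerated clock drift in seconds

    def register(self, api_key: str, api_secret: str) -> None:
        self.keys[api_key] = signing_key(api_secret)

    def verify(self, method: str, path: str, params: dict, now=None) -> bool:
        now = now if now is not None else int(time.time())
        params = dict(params)
        sig = params.pop("signature", None)
        key = self.keys.get(params.get("api_key"))
        if sig is None or key is None:
            return False
        # Reject stale requests and replays before doing any MAC work.
        if abs(now - int(params.get("timestamp", 0))) > self.max_skew:
            return False
        nonce = params.get("nonce")
        if nonce in self.seen_nonces:
            return False
        expected = hmac.new(key, canonical_string(method, path, params).encode(),
                            hashlib.sha1).hexdigest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, sig):
            return False
        self.seen_nonces.add(nonce)
        return True


if __name__ == "__main__":
    srv = Server()
    srv.register(API_KEY, API_SECRET)
    req = sign_request("POST", "/document", {"text": "hello"}, API_KEY, API_SECRET)
    print("valid:", srv.verify("POST", "/document", req))
    print("replay:", srv.verify("POST", "/document", req))
```

Two design points are worth noting. First, the nonce and timestamp checks are what stop a captured request from being replayed; a signature alone does not. Second, because the server must recompute the signature, whatever it stores is itself the verification key: the MD5 digest of the secret is enough to produce valid signatures, so it must be protected as carefully as the secret it replaces.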

Network Protection

  • The Amazon firewall blocks all unauthorized access to Semantria hosts
  • NAT hides Semantria’s internal network topology
  • Service availability, traffic monitoring, and intrusion detection processes run 24/7 to watch for suspicious internal network traffic
  • Access is restricted to an ACL of white-listed IP addresses
  • Remote server configuration is done over SSH
  • Frequently regenerated SSH keys are used to access remote servers, which sit inside a secure VPN

Disaster Recovery

  • N+1 redundancy scheme used for all key system components
  • Semantria configuration database backups (NOT customer data) are made hourly and kept for a week
  • Extensively tested Amazon AMI backups are created at each deployment

Internal and Third-Party Testing Assessments

  • Semantria security has been reviewed and tested by the Salesforce.com Security Team
  • Semantria tests all code for security vulnerabilities before each release
  • PagerDuty is used for SaaS IT on-call management, alerting, and incident tracking
  • Document analysis and service quality scripts exercise Semantria servers every 15 minutes in all supported languages

Security Monitoring

  • 12 NOC engineers, located across North America (EST) and Europe (GMT+2), are available 24/7 and continually monitor the Semantria network and service