Neelesh Vaikhary, CTO and co-founder at Albert Invent, is a seasoned technology pioneer with over 20 years’ experience building SaaS solutions for global B2B and B2C companies. Well versed in engineering powerful and deeply secure large-scale SaaS systems, Neelesh shares insights on how he designed Albert’s end-to-end R&D platform, which puts data security front, center, and everywhere in between.
In today’s rapidly evolving innovation marketplace, the allure of predictive analytics, Artificial Intelligence (AI) and Machine Learning (ML) often steals the spotlight. And, with good reason, of course. However, we can’t lose sight of the platforms, technologies, and processes that make our innovations possible and keep them safe.
In this discussion, Albert’s CTO, Neelesh Vaikhary, shares how Albert went to painstaking lengths to ensure our end-to-end R&D platform not only delivers powerful and productive data insights but also is a rock-solidly reliable and secure foundation for our customers’ innovation processes. He talks about how intellectual property (IP) security and protection were always an integral part of the design of our platform from the very first days, as well as three standout security features that are unique to Albert.
Why was security so important when designing Albert?
One word: trust. If companies are going to process their most important intellectual property (IP) asset—R&D data—in a digital platform, they need to trust it will be safe, not only from outside threats but also from being accidentally lost or tampered with as scientists go about their work. R&D labs are constantly generating valuable IP, which—if left in the wrong hands—could severely compromise a company’s competitive advantage and—if lost or compromised—could set a company’s research and innovation pipeline back months, if not years. Our platform can deliver all the exciting Artificial Intelligence (AI) and Machine Learning (ML) bells and whistles, but if it doesn’t protect your invaluable data at every step of the R&D process, then the rest of it doesn’t matter.
Even though customers weren’t necessarily asking for top-shelf IP security when they came to us, we knew it was table stakes. So, we engineered Albert in a way that gives customers a very secure infrastructure, while also offering high performance and efficient value.
Albert CTO, Neelesh Vaikhary, spent decades honing his data security skills building airtight, secure systems for global organizations including consumer solutions for banks and brokerage firms and enterprise solutions for B2B applications.
How does Albert secure IP data throughout the process?
We safeguard our customers’ data in three different ways:
1. When Data Is at Rest: This is when the data is just there being stored, doing nothing. The first thing we do is make sure each of our customers’ data is physically isolated and managed in their own cloud accounts and then encrypted using their own encryption key to encrypt and decrypt all stored data.
That means each customer’s data is not just logically partitioned from one another, but also physically partitioned. This is a big deal. This level of physical security tends to be much more cost-prohibitive, but Albert found a way to bring this benefit to customers in an affordable way, by engineering our multi-tenant platform so we can share the infrastructure, but the data is physically isolated.
Each customer’s key is certified at FIPS 140-2 Level 2 overall with Level 3 (highest level) for several categories, including physical security. Keys and backups are created and managed in separate accounts for added security.
2. When Data Is in Motion: This is when we are transferring data to and from different parts of the platform and devices. Albert makes sure all connections to and from the Albert platform happen over an encrypted channel of TLS 1.2 and above, using 2048-bit RSA keys and AES encryption. In this way, no one who isn’t supposed to have the data can decrypt it.
Albert is also working with a top lab machine manufacturer to successfully pilot a secure data communication protocol between the Albert platform and lab equipment to enable easy and secure Internet of Things (IoT) automation.
3. When Data Is in Use: This is when data is being actively worked on, processed, or transformed. First, we have strict access control (granular User Access Control), which restricts data access to only the authorized users based on their role, type, and resource policy. Access to personal and confidential resources must be explicitly granted by the resource owners.
On top of that, we went to great lengths to ensure the software design and deployment process is secure. Albert uses keyless deployment, which is a real standout security feature that Albert offers its customers. Keyless deployment deploys applications without embedding sensitive credentials or encryption keys directly into the codebase. Instead, these credentials are managed and stored separately, often in secure environments or configuration files.
This is important, because it reduces the risk of exposing them accidentally or through code vulnerabilities, minimizing the attack surface and making it more challenging for malicious actors to gain unauthorized access to critical information. It also makes it easier to manage keys, which is particularly important in the event of a security breach or when an employee with access leaves the organization. And, by restricting direct access to sensitive credentials within the codebase, it reduces the risk of insider threats, as developers and other team members do not need to be exposed to critical information during the development process.
In addition, we have robust processes for testing our systems for security threats. We scan for the latest cybersecurity threats on a continuous basis and bombard our endpoints in real time to make sure our site is not compromised with those vulnerabilities.
Last but not least, Albert’s web application firewall is extremely secure, implementing OWASP’s top 10 vulnerability detection and prevention, making sure the most critical known security threats are blacklisted.
Why is having an API-first approach to system design important for data security?
Albert is built API-first, which means all access to Albert’s data only happens via the set of APIs. Why this is important from a security standpoint and a key differentiator for Albert is that it allows us to have an audit trail. And this is super important for R&D. Let’s say, for example, that someone accidentally modified a formula in the system. If you don’t have an audit trail, you won’t be able to go back and look at the history to access the formula data before the modification. With an API-first approach, you can see the history and all modifications with a timestamp, so no data or changes are ever lost.
What are you most proud of when it comes to Albert’s platform?
Albert completed the process for ISO 27001 certification, the world’s top standard for information security management systems, and expects to be officially certified in the coming weeks. This is not an easy certification to achieve by any stretch of the imagination, so I’m very proud of it. I believe it speaks to Albert’s “leave no stone unturned” approach to data security.
Beyond that, I’m just really excited for more R&D organizations in the Chemistry and Materials Science space to experience Albert. Our platform has the best of all worlds.
First, it’s tailored to R&D and Chemistry and Materials Science. We came from this industry, so we know what it takes to make a system that scientists, innovators, and business leaders will love. We also know that R&D data is much different than other enterprise data due to the massive volume and pace of ever-changing discrete data being generated as scientists do their research. We accounted for that in our infrastructure, so no data is left behind.
Second, we built Albert so it runs and scales beautifully. Albert is not your ordinary SaaS enterprise software. We built Albert with a more consumer-grade approach, which means it can grow and scale as our customers’ innovation demands increase and as they harness the benefits of AI and ML. And it does so with incredible speed, cost-efficiency, and performance.
And finally, we do all of this in an ultra-secure environment that customers can trust.