Over the years, we have occasionally encountered questions regarding our internal security protocols and access to users’ intellectual property (IP). We recognize that users trust us with their time, money, and oftentimes their financial future when they use our platform. So for both current users and for future ones, I’d like to go into more detail on our security efforts. 

From a high level, compromising our users’ IP goes against everything we value. We started QuantConnect to bring radical openness to quantitative finance and we live that every day. If you’ve reached out to us for support or chatted with us on our forums, on Slack, or on any of our other channels, you know us personally — we don’t hide behind web anonymity. And this isn’t just lip service — our business model depends on the success of our users, not meta-data we mine from them. We are quants ourselves, and we’re proud to be a part of this community. 

Of course, this philosophy has to be backed up by institutional safeguards. QuantConnect has developed robust internal processes to ensure the security of our users’ IP. We evaluate the risks and protect from IP theft all the way from the top (web) to the bottom (bare metal), from the inside (team) to the outside (external partners).

  1. We protect users on the web level through penetration testing, where developers seek to find vulnerabilities in our systems. We continuously engage and iterate on these testing procedures and build “active defense” technology to thwart attacks. 
  1. Our physical servers are hosted at Equinix data centers, which feature secure access lists and checkpoints, vetted security personnel, 24/7 video surveillance, and all the other things that merit Fort Knox comparisons. These state-of-the-art facilities are trusted by all the major cloud providers — Amazon, Google, IBM, Microsoft, and Oracle —  as well as scores of financial exchanges, tech providers, and trading groups, including Cboe Global Markets, NYSE, Bloomberg, and Nasdaq.
  1. Internally, we limit, control, and log all system access. Only two founders have root access and we enforce a rigid separation of roles within the company. Even if one of our employees had malicious intent, they would not be capable of stealing IP from the community. Moreover, we have company policies preventing any personal trading by support staff with access to private user code.
  1. We vet our infrastructure providers and limit their ability to inspect what the community is doing, requiring supervised maintenance with a member of the QuantConnect team. Furthermore, we only work with trusted network technicians. We have strict IP and non-reverse engineering clauses to protect against firms stealing from the Alpha Streams market, and we only work with firms that have their own rigorous internal compliance departments.

We continue to take a proactive approach to all security measures. Currently, QuantConnect is building code encryption features that allow you to have a local key that encrypts the code before storage. You will need the key to run backtests and deploy live algorithms. 

Ultimately, it comes down to trust and we know we can't win over everyone. So, if you still have concerns, you can self-host our fully open-source algorithmic trading engine, LEAN. Our commitment is to bring radical openness to all of quantitative finance, and that extends beyond our website users.

Of course, if you self-host, you sacrifice the convenience, reliability, reduced/aggregated costs, and simplicity we provide, not to mention our compute power and cloud storage capabilities. Provided all in one place with a scalable subscription model to match your needs — think of it like AWS for quants — it’s these services on top of LEAN that make QuantConnect the best platform for quantitative traders.

We've been here since 2011 and we are trusted by more than 110,000 engineers and quants around the world — including a growing number of emerging funds. Security remains top of mind as we continue to support and grow the Quant Community.

Author