Learn how CloudBees Feature Management is making sure you are safe and your customer data is private
Customer Data Security
CloudBees Feature Management does not have access or save end user data– CloudBees Feature Management does not have access or save end user data, including any end user Personally Identifiable Information (PII), CloudBees Feature Management architecture is built around privacy, targeting specific end users happens on the client slide (mobile app, web app or a backend system) with locally available attributes and is never transmitted back to CloudBees Feature Management.
Data Transfer– All data transmission from and to the CloudBees Feature Management Agent (SDK), is secured via 128bit SSL encryption using a 2048bit RSA encryption key.
Data verification and Man-in-the-middle attacks– CloudBees Feature Management is the only solution that uses Private/Public keys to verify that the data received by the SDK is indeed the data sent by CloudBees Feature Management, securing the platform against Man-in-the-middle.
Instance and Network Security
Authentication – Access to the CloudBees Feature Management dashboard is secured using a username, password, and 2FA (Two Factor Authentication). Passwords are encrypted with an AES-256 hash and random salt.
Instance and Network Security – AWS VPC, VPN, subnets and security groups: AWS VPC is an isolated private network dedicated for CloudBees Feature Management. Running our system in a VPC, VPN, subnets and security groups (firewalls) adds an additional layer of security. CloudBees Feature Management VPC uses network access control that limits the access from the internet only to a limited set of resources. CloudBees Feature Management backend services could only be accessed by a secured VPN connection which is available only to a small group of individuals with the applicable internal credentials, 2FA and private access keys.
Physical Data Center Security
Physical Access – CloudBees Feature Management relies on the Amazon cloud’s exceptionally flexible and secure cloud infrastructure to store data logically across multiple AWS cloud regions and availability zones. AWS makes abiding by industry and government requirements simple and ensures the utmost in data security and protection. For example, AWS infrastructure aligns with IT security best practices and follows a number of compliance standards such as: SOC 1/SSAE, 16/ISAE 3402 (formerly SAS 70 Type II), HIPPA, SOC 2, SOC 3, FISM, DIACAP, FedRAMP. All data centers that run CloudBees Feature Management are secured and monitored 24/7, and physical access to AWS facilities is strictly limited to select AWS cloud staff. (For more information about AWS’ secure architecture and compliance certifications, visit: http://aws.amazon.com/security).
CloudBees Feature Management undergoes 3rd party security auditing (by Appsec-Labs) which includes periodic penetration testing & vulnerability scanning.
SOC2 Type II
CloudBees Feature Management is SOC 2 type II compliant.
According to the American Institute of CPAs (AICPA), a SOC 2 report is ideal for SaaS and cloud service organizations that want to assure customers that their information is secure and will be available whenever needed. A SOC 2 report also helps organizations to establish the effectiveness of any controls that may be required by their governance process.