Security - CloudBees Feature Management

Learn how CloudBees Feature Management is making sure you are safe and your customer data is private

Customer Data Security

CloudBees Feature Management does not have access to or save end user data, including any end user Personally Identifiable Information (PII). The CloudBees Feature Management architecture is built around privacy: targeting specific end users happens on the client side (mobile app, web app or a backend system) with locally available attributes, and that data is never transmitted back to CloudBees Feature Management.

Data Transfer

All data transmission to and from the CloudBees Feature Management Agent (SDK) is secured via 128-bit SSL encryption using a 2048-bit RSA encryption key.

Data verification and Man-in-the-middle attacks

CloudBees Feature Management is the only solution that uses Private/Public keys to verify that the data received by the SDK is indeed the data sent by CloudBees Feature Management, securing the platform against Man-in-the-middle attacks.

Instance and Network Security

Authentication

Access to the CloudBees Feature Management dashboard is secured using a username, password, and 2FA (Two Factor Authentication). Passwords are encrypted with an AES-256 hash and random salt.

AWS VPC, VPN, subnets and security groups

AWS VPC is an isolated private network dedicated to CloudBees Feature Management. Running our system in a VPC with a VPN, subnets and security groups (firewalls) adds an additional layer of security. The CloudBees Feature Management VPC uses network access control that limits access from the internet to a limited set of resources. CloudBees Feature Management backend services can only be accessed over a secured VPN connection, which is available only to a small group of individuals with the applicable internal credentials, 2FA and private access keys.

Physical Data Center Security

Physical Access

CloudBees Feature Management relies on the Amazon cloud's exceptionally flexible and secure cloud infrastructure to store data logically across multiple AWS cloud regions and availability zones. AWS makes abiding by industry and government requirements simple and ensures the utmost in data security and protection. For example, AWS infrastructure aligns with IT security best practices and follows a number of compliance standards such as: SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), HIPAA, SOC 2, SOC 3, FISMA, DIACAP, FedRAMP. All data centers that run CloudBees Feature Management are secured and monitored 24/7, and physical access to AWS facilities is strictly limited to select AWS cloud staff. (For more information about AWS' secure architecture and compliance certifications, visit: http://aws.amazon.com/security).

EU Data Protection

EU Data Hosting

CloudBees Feature Management is committed to supporting its customers' security, privacy and regulatory compliance requirements worldwide. We offer EU regional support and customers have the choice of keeping their target groups, flags and configuration data for their infrastructure and applications in Europe (Ireland).

GDPR Compliance

CloudBees Feature Management is fully compliant with GDPR regulations at the application level, in addition to general CloudBees compliance to GDPR company-wide.

Security Auditing

CloudBees Feature Management undergoes third-party security auditing (by Appsec-Labs), which includes periodic penetration testing and vulnerability scanning.

SOC2 Type II

CloudBees Feature Management is SOC 2 Type II compliant.

According to the American Institute of CPAs (AICPA), a SOC 2 report is ideal for SaaS and cloud service organizations that want to assure customers that their information is secure and will be available whenever needed. A SOC 2 report also helps organizations to establish the effectiveness of any controls that may be required by their governance process.