Bigeye is built to industry-leading security standards and follows enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.
| Security Feature | Service or Standard |
| --- | --- |
| Security Certification | SOC 2 Type 2 Report |
| Cloud Infrastructure Provider | AWS |
| Employee Background Checks | Checkr |
| Data Encryption | AES-256 at rest, TLS v1.2 or higher in transit |
| Web Application Vulnerability Protection | AWS WAF Security Automation |
Bigeye is a fully managed SOC 2-compliant SaaS application.
Bigeye offers two setup options to connect your data source: a direct connection or an in-network agent. For the simplest setup, use a direct connection: you allow-list Bigeye’s IP address, create a read-only service account in the data source, and add those credentials to Bigeye.
Alternatively, you can provision an agent in your network to allow Bigeye to connect to your data sources. This adds layers of security for your data source beyond those of a traditional direct connection. To learn more about connection options, see Connect to Bigeye: Data Sources.
Bigeye connects to data sources using read-only accounts via JDBC.
When you use a direct connection, credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.
When you use a network agent connection, credentials to your data sources are stored on your infrastructure and never shared with Bigeye.
- Data at rest - Bigeye uses the third-party AWS-managed RDS that encrypts all of your data and metadata at rest. The cloud infrastructure uses the open standard AES-256 encryption to encrypt user and warehouse credentials.
- Data in transit - Bigeye uses encrypted connections (HTTPS and TLS) to protect the contents of data in transit.
If you want to use a direct connection with extra security measures, connect Bigeye to your AWS Virtual Private Cloud via PrivateLink. This keeps all traffic between Bigeye and a data source internal to the AWS network and off public networks. PrivateLink for AWS is available as part of Bigeye Enterprise.
Bigeye admins have flexible control over user access in the application.
Secure Sign-In via Okta, Ping Identity, and Azure AD is available for Bigeye Enterprise customers.
Users, groups, and workspaces
Enterprises can organize their work in Bigeye using workspaces and groups to ensure that each team manages and monitors their data independently. To learn more, see Manage your Team.
Bigeye connects to your data with read-only service accounts on your data sources. Bigeye only sees data that the service account has access to, giving you total control over what data can be monitored. Only users who have manage access to a workspace can add, edit, and delete connections to your data sources.
Bigeye signs the Master Software Agreement with the customer to ensure their data privacy as well as to protect the security of its application.
Bigeye only collects aggregated statistics, query logs, and metadata about your data to perform monitoring and anomaly detection. Only this information is extracted into Bigeye's cloud service, which ensures that the underlying data never leaves your production environment.
Bigeye uses reasonable and appropriate technical and organizational safeguards on its Services designed to protect the confidentiality, integrity, and availability of Customer Personal Data that may be in Bigeye's custody.
Security incident notification
If Bigeye becomes aware of a Security Incident, Bigeye shall notify the Customer without undue delay by email or, if email is unavailable, by phone.
Bigeye has a formal and approved information security program. It has defined internal policies and procedures to guide employees in data protection and privacy-related checks.
Privacy and security training
Bigeye employees engage in privacy and security training during onboarding and must take the training annually thereafter. All Bigeye personnel must acknowledge, electronically, that they have attended training and understand the security policy.
Hiring and termination policies
Bigeye follows documented procedures in response to changes in employment and/or termination, including the timely revocation of access and return of assets.
All Bigeye employees have background checks run through an industry-standard third-party service, Checkr.
Bigeye requires all employees and contractors to sign an NDA as a condition of employment.
Access to account data is limited to a set of users based on their assigned responsibilities. Additionally, Bigeye has various tools to help keep all systems secure.
Bigeye follows need-to-know principles and limits access to its systems to ensure that only its Information Security Team and Chief Technology Officer can access customer data during incident response processes.
Bigeye conducts code reviews and performs vulnerability scans on all dependencies as part of its software engineering practices.
Data processing addendum
Bigeye can provide a DPA on request.
Bigeye engages a third party to perform an annual penetration test over the application layers of the platform.
Acceptable use policy
Bigeye has a formally enforced Acceptable Use Policy for computer use that meets SOC 2 Type 2 Requirements.