Security and Compliance
Bigeye is built to industry-leading security standards and follows enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.
Security Feature | Service or Standard |
---|---|
Security Certification | SOC 2 Type 2 Report |
Cloud Infrastructure Provider | AWS |
Employee Background Checks | Checkr |
SSO Provider | Auth0 |
Data Encryption | AES-256 at rest, TLS v1.2 or higher in transit |
Issue Tracker | Linear |
Web Application Vulnerability Protection | AWS WAF Security Automation |
Architecture
Bigeye is a fully managed SOC 2-compliant SaaS application.
Database connections
Bigeye offers two setup options to connect your data source: a direct connection or an in-network agent. For the simplest setup, use a direct connection: it only requires you to allow-list Bigeye’s IP address, create a read-only service account in the data source, and add those credentials to Bigeye.
Alternatively, you can provision an agent in your network that connects to your data sources on Bigeye’s behalf. This adds further layers of security for your data source over a direct connection. For details on the connection options, see Connect to Bigeye: Data Sources.
Connections
Bigeye connects to data sources using read-only accounts via JDBC.
When you use a direct connection, credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.
When you use a network agent connection, credentials to your data sources are stored on your infrastructure and never shared with Bigeye.
Encryption
- Data at rest - Bigeye uses AWS-managed RDS, which encrypts all of your data and metadata at rest. The cloud infrastructure uses the open-standard AES-256 algorithm to encrypt user and warehouse credentials.
- Data in transit - Bigeye uses encrypted connections (HTTPS over TLS 1.2 or higher) to protect data in transit.
AWS PrivateLink
If you want to use a direct connection with extra security measures, connect Bigeye to your AWS Virtual Private Cloud via PrivateLink. This keeps all traffic between Bigeye and a data source internal to the AWS network and off public networks. PrivateLink for AWS is available as part of Bigeye Enterprise.
Access Controls
Bigeye admins have flexible control over user access in the application.
SSO
Secure Sign-In via Okta, Ping Identity, and Azure AD is available for Bigeye Enterprise customers.
Users, groups, and workspaces
Enterprises can organize their work in Bigeye using workspaces and groups to ensure that each team manages and monitors their data independently. To know more, see Manage your Team.
Data permissions
Bigeye connects to your data with read-only service accounts on your data sources. Bigeye only sees data that the service account has access to, giving you total control over what data can be monitored. Only users who have manage access to a workspace can add, edit, and delete connections to your data sources.
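The read-only service account described above is the boundary that decides what Bigeye can see. The following is an added example, not Bigeye’s own code or documentation, of how such an account can be provisioned with least privilege. It assumes PostgreSQL syntax; the database, schema, table and role names (`analytics`, `reporting`, `orders`, `customers`, `bigeye_monitor`) are placeholders.

```sql
-- Added example (not Bigeye's code). PostgreSQL dialect is assumed; all
-- object and role names are placeholders.

-- 1. A login role that cannot create objects, databases or other roles.
--    The password is a placeholder: set it from your secret manager.
CREATE ROLE bigeye_monitor LOGIN PASSWORD '<placeholder-from-secret-manager>'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- 2. Allow the role to connect and to resolve objects in one schema.
GRANT CONNECT ON DATABASE analytics TO bigeye_monitor;
GRANT USAGE   ON SCHEMA reporting  TO bigeye_monitor;

-- 3. Grant SELECT only on the tables that should be monitored. Granting
--    per table (instead of ALL TABLES IN SCHEMA) is what turns "Bigeye
--    only sees what the service account can see" into a concrete limit.
GRANT SELECT ON TABLE reporting.orders TO bigeye_monitor;

-- 4. Column-level grant: expose a table for monitoring while keeping a
--    sensitive column (here, email) out of the account's reach entirely.
GRANT SELECT (customer_id, created_at, country) ON reporting.customers
    TO bigeye_monitor;

-- 5. Close the usual defaults that would widen the account beyond read-only.
REVOKE CREATE ON SCHEMA reporting FROM bigeye_monitor;
REVOKE ALL    ON SCHEMA public    FROM bigeye_monitor;

-- 6. Bound the cost of any monitoring query the account can run.
ALTER ROLE bigeye_monitor SET statement_timeout = '5min';

-- 7. Verify: every privilege the role holds. Any row whose privilege_type
--    is not SELECT means the account is broader than read-only.
SELECT table_schema, table_name, column_name, privilege_type
FROM   information_schema.role_column_grants
WHERE  grantee = 'bigeye_monitor'
ORDER  BY table_schema, table_name, column_name;
```

To enforce the TLS-in-transit requirement from the server side as well, the matching `pg_hba.conf` entry would use `hostssl` rather than `host` for this role, so a plaintext JDBC connection is rejected before authentication.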
Data Security
Bigeye signs the Master Software Agreement with the customer to ensure their data privacy as well as to protect the security of its application.
Aggregates
Bigeye only collects aggregated statistics, query logs, and metadata about your data to perform monitoring and anomaly detection. Only these aggregates and metadata are extracted into its cloud service, so your underlying data never leaves your production environment.
Security measures
Bigeye uses reasonable and appropriate technical and organizational safeguards on its Services designed to protect the confidentiality, integrity, and availability of Customer Personal Data that may be in Bigeye's custody.
Security incident notification
If Bigeye becomes aware of a Security Incident, Bigeye shall notify the Customer without undue delay by email or, if the email is unavailable, by phone.
Organization Information Security
Bigeye has a formal and approved information security program. It has defined internal policies and procedures to guide employees in data protection and privacy-related checks.
Privacy and security training
Bigeye employees engage in privacy and security training during onboarding and must take the training annually thereafter. All Bigeye personnel must acknowledge, electronically, that they have attended training and understand the security policy.
Hiring and termination policies
Bigeye follows documented procedures in response to changes in employment and/or termination, including the timely revocation of access and return of assets.
Background checks
All Bigeye employees have background checks run through an industry-standard third-party service, Checkr.
Confidentiality agreements
Bigeye requires all employees and contractors to sign an NDA as a condition of employment.
System Access and Authorization Control Policy
Access to account data is limited to a set of users according to their assigned responsibilities. Additionally, Bigeye uses various tools to help keep all systems secure.
Access restrictions
Bigeye follows need-to-know principles and limits access to its systems to ensure that only its Information Security Team and Chief Technology Officer can access customer data during incident response processes.
Vulnerability scans
Bigeye conducts code reviews and performs vulnerability scans on all dependencies as part of its software engineering practices.
Data processing addendum
Bigeye can provide a DPA on request.
Penetration testing
Bigeye engages a third party to perform an annual penetration test over the application layers of the platform.
Acceptable use policy
Bigeye has a formally enforced Acceptable Use Policy for computer use that meets SOC 2 Type 2 Requirements.
Updated 9 months ago