We protect your data

Cloud security at AWS is the highest priority. As an AWS customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations.

Data protection
HTTPS protection

HTTPS protection

Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS.

Updated infrastructure

Updated infrastructure

Our software infrastructure is updated regularly with the latest security patches.

Sophisticated security

Sophisticated security

Our state-of-the-art servers are protected using the latest AWS technologies.

Data protection

Context for each customer

Each user in BluInsights has a unique, password-protected account with a verified email address.

Each password is validated against strong policies and stored securely using a strong hashing algorithm with a unique salt for every password.

Passwords have also an expiration date and must be changed regularly to prevent from being compromised.

To prevent brute force attacks, the number of login attempts is limited. Above 5 trials, the account is disabled.

Finally, Multi-Factor Authentication is set up to strengthen each user account protection.

 

Tenant Isolation

Saas

Saas

BluInsights is a multi-tenant SaaS application. Even though customers are sharing a common IT infrastructure, they are segregated so that the actions of one tenant cannot compromise the data or service of another tenant.

Each customer’s data is kept logically segregated from other tenants when at rest.

Context for each customer

Context for each customer

BluInsights works by storing a context for each customer. This context includes a range of information linked with that tenant.

E.g. which databases the tenant is in, what licenses the tenant has, what features they can access, what projects are authorized, etc.) and unique encrypted credentials.

Anti data theft

Anti data theft

When a customer accesses BluInsights, a tenant ID is used to collate all required information. Then, it is linked with any operation the tenant undertakes throughout their session.

This ensures that one customer tenant does not access data of another tenant – nor for one tenant to affect the service of another tenant.

The privacy of your data — and it is your data, not ours! — is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We’ll never open any file unless you ask us to. We log all access to accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

Data Sharing and Role-Based Access Control

 

A BluInsights project owner manages and controls individual user rights by granting specific types of user permissions. Customer data, including source code files and analysis, can only be accessed by other users within your BluInsights account if those items were specifically shared with them, or if the items were placed in a shared feature.

Data protection

BluInsights offers flexible data access control setup by allowing project owners to configure customized access roles, which offer the choice of more than 50 different permissions for user actions in BluInsights, and can be used to specify user access levels to certain features, actions and content.

Info

Security has always been a top priority and we have relentlessly pursued a robust and mature security strategy since the day the company was founded. We’ve been around the block and we’ve seen a lot of companies come and go. Security isn’t just about technology, it’s about trust. Over the past years, we’ve worked hard to earn the trust of hundreds of companies worldwide. We’ll continue to work hard every day to maintain that trust.

Data Sharing and Role-Based Access Control

A BluInsights project owner manages and controls individual user rights by granting specific types of user permissions.

Role-Based Access Control

BluInsights offers flexible data access control setup by allowing project owners to configure customized access roles, which offer the choice of more than 50 different permissions for user actions in BluInsights, and can be used to specify user access levels to certain features, actions and content.

Security best practices compliance

SQL injections

SQL interfaces are protected against injection attacks and credential disclosure.

CSRF& SSRF

Cross-site and Server-side requests and forgery are mitigated by relevant authorization checks.

Cross site scripting (XSS)

BluInsights takes the special precautions needed to avoid attacks that rely on confusing data, code, and protocol messages.

Third-party auditors assess the security and compliance of BluInsights, based on AWS security standards.

Detection

BluInsights identifies threats by monitoring the network activity and platform behavior.

Logs/Audits and Incident Response is configured like any general AWS services, with the Service Team taking ownership and triage with support from AWS Security.

BluInsights identifies threats by monitoring the network

Want to know more ? Have a concern ? Need to report an incident ?

Send us an email if you have other security questions and we’ll get back to you as quickly as we can.