Bedrock Data Security and Technology

Bedrock Data manages a secure and scalable technology stack that is continuously monitored and patched to stay ahead of digital threats.  Below is a summary of our policies and practices as it relates to compliance, privacy, and security.

Application Security

Traffic between customers and Bedrock Data is protected with highly secure in-transit encryption using only the most secure TLS protocols and ciphers, along with 2048-bit encryption keys.

Bedrock Data’s software services are automatically monitored and checked against a constantly updated database of over 20,000 vulnerabilities.

Bedrock Data uses third-party Distributed Denial of Service (DDoS) protection software to ensure DDoS attacks are easily detected and thwarted before they cause a problem.

Our application codebase is continuously and automatically tested to ensure adherence to operational targets, including data integrity and security.

Application, audit, and system logs are captured and stored permanently, allowing for detailed forensic research.

Data Security

Customer data is encrypted in transit and at rest to ensure end-to-end protection with the latest standards and protocols.

Data Center Security and Certifications

Bedrock Data’s software is powered by world leaders in data center management and security.  Physical access is protected by 24x7 onsite staff, as well as state-of-the-art biometric scanning and other electronic security controls.

Our infrastructure partners maintain SOC Type II and ISO 27001 certifications.  

AICPA.jpeg  ISO.png

Availability & Continuity

Bedrock Data has an “availability first” approach. All infrastructure and application components are redundant, with active failover mechanisms. Critical operational data is backed up automatically, and backups are regularly tested to ensure integrity and recoverability.

Data Encryption

Data in transit is encrypted with the most secure TLS versions and ciphers. We employ 2048-bit encryption at a minimum and rotate keys regularly. When connecting to third party services on behalf of customers (e.g., to synchronize data), we ensure all API endpoints are protected by a valid SSL certificate.

Data at rest is encrypted at multiple levels, including on the physical disk and by the logical storage subsystem using AES-128 and AES-256. Keys are randomly generated and encrypted asymmetrically, stored and protected by a proprietary key management service provided by a global leader in infrastructure security.

PCI Compliance

Bedrock Data uses an industry-leading third party to process credit card transactions for customers who wish to pay by credit card.  Bedrock Data does not store or possess any cardholder data relative to these transactions; this data is transmitted directly and securely to our upstream payment processor.

Bedrock Data attests to PCI-DSS SAQ-A compliance, and has been certified by Trustwave.

Trustwave PCI Compliance Badge - Click below to verify:

 

Operational Security

Vulnerability Detection
Bedrock Data employs active vulnerability detection, which audits every action taken on our servers as well as all data ingress and egress. Suspicious activity is automatically flagged and sent to our security operations team for investigation. Our team regularly reviews audit logs, monitoring data access patterns by internal and external actors.

Malware Interception

Automatic virus and malware protection with top-tier, self-updating tools ensures that our network is kept free of malware, spyware, worms, and other common Internet vulnerabilities.

Proactive Scanning

Bedrock Data utilizes enterprise-grade security scanning tools which automatically check against a continuously updated database of over 20,000 known vulnerabilities. This allows us to stay ahead of the curve and keep our infrastructure strong, even against new attack vectors as they are discovered.

Training

All Bedrock Data staff members receive security training and a secured computer to ensure consistent protection of shared infrastructure, such as our corporate network. Developers receive additional security training, and application code is regularly reviewed to ensure adherence. Technical operations staff receive the highest level of security training; these are the only team members who are permitted to access production systems and, by extension, customer data.

Incident Response

Bedrock Data maintains a detailed incident response plan to ensure that any security events and incidents are properly diagnosed, categorized, and managed. Technical staff are regularly trained and tested in incident response procedures. Bedrock adheres to industry standard incident response practices, including involvement of local law enforcement where appropriate.

Continuous Improvement

The Bedrock Data Security Committee reviews all security-related policies, procedures, and training programs to ensure adherence in the execution phase, and to ensure alignment with the latest industry standards and best practices.

Privacy

Bedrock Data is committed to protecting the privacy of our customers’ personal information. Please see our Privacy Policy for more information.

Safe Harbor

Bedrock Data complies with the U.S -E.U. and U.S.-Swiss Safe Harbor frameworks. To view the Bedrock Data certification on the Safe Harbor list or to learn more about the Safe Harbor programs, please visit http://2016.export.gov/safeharbor/.

safeHarbor-certLogo

Privacy Shield

Bedrock Data’s application for compliance with the EU-US Privacy Shield Framework is currently under consideration by the U.S. Department of Commerce.  Once the process is complete, we will post our certification here.

Date Of Last Update:  April 28, 2017

Related information: Bedrock Data's Privacy Policy & Terms and Conditions.