As Cloud Computing is achieving increased popularity, concerns are been voiced about the security issues introduced through the adoption of this new model. Most IT teams want convincing that all Cloud providers deploy industry-standard security technology and processes. However, definitions of is “industry-standard” can vary... Here we lay out exactly how solutions like bime meet the highest of security standards.
Security is our number one priority. Bime is an analytical tool, not a database – uploading data can ease collaboration and boost performance but is not actually necessary. Déjà Vu, our distributed cache, exists to enhance user experience and performance, but the user is in no way obliged to use it. Data is only stored in the Cloud upon user request, otherwise it is extracted from the user database each time.
Reliable, secure server environment
When Déjà Vu, our distributed cache, is activated, Bime will mutualize the data from your computer directly to Amazon S3 without going through our servers. The transfer is encrypted, the request is signed using a public and private key mechanism. Data is stored in a proprietary format, encrypted and anonymized.
All of our servers are hosted by Amazon Web Services (AWS). AWS has many years of experience in designing, constructing, and operating large-scale datacenters. This experience has been applied to the AWS platform and infrastructure. AWS datacenters are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.
Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides datacenter access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to datacenters by AWS employees is logged and audited routinely. AWS requires that staff with potential access to customer data undergo an extensive background check (as permitted by law) commensurate with their position and level of access to data.
Serious about data security
Another element of high importance is certification. Bime has passed the independent security review by SalesForce.com, which has some of the highest standards in the industry, without any flaws.
As we do not maintain our own data systems or servers, we are not eligible for a SaS type II audit. All of the systems we use are hosted by Amazon Web Services, which of course does hold SaS Type II accreditation.
Don't forget: All Bime accounts include 128-bit SSL security – the same used by online banks. SSL is an acronym for “Secure Socket Layer”, a security protocol that provides communications privacy over the Internet. The protocol allows Bime to securely communicate in a way that is designed to prevent eavesdropping, tampering, or communications forgery. It is the same technology used by e-commerce companies such as Amazon.com to keep your information safe and secure during transactions. In Bime’s case, SSL keeps your data connections absolutely secure (Bime’s normal password protection keeps your information private, but SSL keeps it private and secure). Even the free trial has SSL on all Bime connections!
And remember: Your data is yours! We don't store it. We only store the way you want to analyze it. We connect your data and act like a middle-man who gives you more insight into it. Whereas your data is stored in the Cloud, in your computer or in your internal server, we rely on your datastore capabilities.
Do I really need such a high level of security?
Not all of our customers need this much security... But that’s the benefit of Cloud BI -- you will always get the level of protection needed by the provider’s most stringent customer’s requirements. And what's more - you don’t even have to pay a premium for it! :)