March 08, 2011 by Andrew Gaskill

How Brightmetrics™ Handles Security in our SaaS Product

These days, small to mid-sized businesses are turning more and more often to Software as a Service (SaaS) or cloud solutions like Brightmetrics' Executive Support System (ESS). Compared to in-house solutions, cloud solutions tend to be more cost-effective, quicker and easier to set up, and easier to upgrade.


Using a cloud solution also allows small to mid-sized companies to offset very costly and time-consuming security needs. Due to rapidly evolving best practices and compliance measures, many small to mid-sized businesses find it difficult to handle IT security in-house. In fact, in a recent report, Forrester Research found that 67 percent of all IT executives interviewed felt they were unable to handle IT security internally due to limited staff or budget.


If a business tries to manage IT security internally and fails to do a comprehensive job, they risk exposure to data breaches, identity theft, and data loss.

Finding Security in the Cloud

Understanding your SaaS (Software as a Service) provider's security policies and methodology is important before committing to store your data with them. Brightmetrics has developed our product from the ground up with security as the #1 concern. As a cloud software provider, we offer enterprise-level security features, encryption, and the latest compliance standards to our end users.

During our research and development of the Brightmetrics ESS software solution, we worked with our group of trusted advisers to be sure our cloud solution offered the highest level of security to our customers. Below are four security features of the Brightmetrics ESS solution that can help ease the burden of IT security for your business:


1. End-to-End Encryption

All customer data in Brightmetrics' service is encrypted using AES-256. This is the same 256-bit key encryption that the U.S. government uses to protect its most sensitive data. The data is encrypted before it leaves your local computer and remains encrypted on the hosting side. This means that the host provider and Brightmetrics database administrators and support staff cannot decrypt your data. Only the end-user can decrypt the ESS data using their unique login and password. AES-256 encryption has never been successfully attacked.


2. Protection of Sensitive Information

All financials, trade secrets, intellectual property and client information, basically anything that can identify your company, will remain encrypted and hidden from view in the Brightmetrics system. This sensitive information cannot be decrypted by anyone except the end-user. The data remains protected even in the unlikely event that our host's server were compromised. When Brightmetrics database administrators work inside the ESS system, they will not be able to see any unencrypted or identifying information about the company.


3. Compliance with Industry Standards

In the IT security industry, complex compliance measures and best practices change rapidly. It can be hard for smaller companies to independently navigate IT security compliance and keep their systems audited and up-to-date. At Brightmetrics, we work with a host provider who is an industry leader in security and is compliant with SAS70 Type II Auditing, the highest standard in IT security checks. The industry-leading compliance measures of our host provider get passed down through the Brightmetrics ESS software solution to the end-user.


4. Password Protection and Data Recovery

Brightmetrics has created an additional level of security around password recovery to ensure that all data is accessible to the end-user in the event of a lost or stolen password. We use strict procedures to govern which Brightmetrics employees have security clearance to re-issue password information to end-users. ESS data is also always recoverable. A small subset of Brightmetrics employees, at the highest level of security clearance, can unlock or decrypt data only at the request of the end-user for technical support or recovery purposes.


To learn more about the Brightmetrics ESS general or security features, please leave a question in the comments or contact us directly at

