For direct access to our product environment on Amazon Web Services (AWS), we have an active security policy to prevent unauthorized access to the platform:
- All BlueConic employees have strict security and non-disclosure agreements in their employment contracts
- Only 4 named employees have direct access to the production environment on AWS.
- AWS is only accessible via two-step authentication with a hardware token, using AWS Identity and Access Management.
- The On Demand Access policy and named list of employees that have access is audited every month.
- For our production environment we use Amazons Linux Image.
- Security updates from this image provided by Amazon are deployed on the On Demand environment within at maximum 3 days, to provide time to test updates for an adverse impact on the production environment
- If there are security or privacy related patches for BlueConic, they are deployed on the On Demand environment within at maximum 3 days
- New BlueConic releases (currently every 2 months) are deployed on the On Demand environment within at maximum 3 weeks after release
For additional information regarding security on AWS cloud infrastructure we refer to Amazon’s SecurityCenter.