Who has direct access to the production environment?

For direct access to our product environment on Amazon Web Services (AWS), we have an active security policy to prevent unauthorized access to the platform:

  • All BlueConic employees have strict security and non-disclosure agreements in their employment contracts
  • Only 4 named employees have direct access to the production environment on AWS.
  • AWS is only accessible via two-step authentication with a hardware token, using AWS Identity and Access Management.
  • The On Demand Access policy and named list of employees that have access is audited every month.
  • For our production environment we use Amazons Linux Image.
  • Security updates from this image provided by Amazon are deployed on the On Demand environment within at maximum 3 days, to provide time to test updates for an adverse impact on the production environment
  • If there are security or privacy related patches for BlueConic, they are deployed on the On Demand environment within at maximum 3 days
  • New BlueConic releases (currently every 2 months) are deployed on the On Demand environment within at maximum 3 weeks after release

For additional information regarding security on AWS cloud infrastructure we refer to Amazon’s SecurityCenter.