Understanding platform access

Who can access your data?

BlueConic manages the data on behalf of our customers. We have the following policies in place:

  • Only named BlueConic employees are allowed to use Cassandra databases from customers for testing purposes
  • A copy of a tenant can only be retrieved by a specified group of named members of BlueConic.
  • Copies of databases are on a separate file system, only accessible by a specified group of named members of BlueConic.
  • We will never mix two Cassandra databases from two different tenants
  • If a tenant is removed on request of a customer, we will remove all data within one month, and, if needed sent the customer a copy of all this.

Who has direct access to the production environment?

For direct access to our product environment on Amazon Web Services (AWS), we have an active security policy to prevent unauthorized access to the platform:

  • All BlueConic employees have strict security and non-disclosure agreements in their employment contracts.
  • Only specially named employees have direct access to the production environment on AWS.
  • AWS is only accessible via two-step authentication with a hardware token, using AWS Identity and Access Management.
  • The On Demand Access policy and named list of employees that have access is audited every month.
  • For our production environment we use Amazon's Linux Image.
  • Security updates from this image provided by Amazon are deployed on the On Demand environment within a maximum of 3 days, to provide time to test updates for an adverse impact on the production environment.
  • If there are security or privacy-related patches for BlueConic, they are deployed on the On Demand environment within a maximum of 3 days.
  • New BlueConic releases (currently every 2 months) are deployed on the On Demand environment within a maximum of 3 weeks after release.

Who can access the Management UI?

Customer access to the Management UI:

  • Customers only have access to BlueConic via the Management UI.
  • The Customer is responsible for all accounts in the tenant and has full control over it.
  • The Management UI is only accessible using HTTPS connections.
  • BlueConic uses two-step authentication via email accounts.
  • If a user logs in from a new IP address that is different from the one used in the previous session, they have to enter an additional one-time code sent to them via email. After that, the account is locked to that person's browser for 30 days, and they only need their account name and password to login.