We go to great lengths to make sure your data is secure. In this article, you'll learn about BigTime’s security protocols, how we approach encryption, and how you can report security risks.
- WHAT ENCRYPTION PROTOCOLS DOES BIGTIME SUPPORT?
The BigTime application supports TLS 1.2.
- HOW DOES BIGTIME PROTECT ITS PUBLICLY ACCESSIBLE SYSTEMS?
BigTime resides in a Virtual Private Cloud on Amazon Web Services (AWS). We only permit HTTPS traffic to our web servers through our load balancers. Our databases and support systems that do not require web access are not public-facing. We also rely on AWS Shield, WAF, GuardDuty and Cloudflare to help block suspicious traffic and denial-of-service attacks.
- IS ALL CLIENT DATA ENCRYPTED?
All traffic to BigTime is served over HTTPS and all datastores are encrypted. Our snapshots, image-based backups, and sensitive data within the BigTime database are encrypted as well.
- HOW IS ADMINISTRATIVE ACCESS TO BIGTIME SYSTEMS SECURED?
Administrative access to BigTime systems is tightly controlled and monitored. Selected essential members of the BigTime team have secure remote access capabilities. This access relies on multiple layers of authentication.
- DOES BIGTIME HAVE A WRITTEN SECURITY POLICY?
Yes, BigTime has a written network security policy and our compliance team meets to review and approve all changes to internal security policies.
- DOES BIGTIME ENFORCE A STRONG PASSWORD REQUIREMENT?
Yes, client administrators can enable a strong password requirement.
- HOW IS USER SECURITY ORGANIZED WITHIN BIGTIME?
BigTime offers role-based permissions for login and access to projects and reports.
- I THINK I FOUND A VULNERABILITY. HOW DO I REPORT IT?
Any suspected breaches of security or discovered vulnerabilities can be reported to firstname.lastname@example.org for review by our team.