Security management

Behavox is a member of the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

The Consensus Assessment Initiative Questionnaire for Behavox is available online.

Security of systems and data

  • Encryption of data at-rest in the cluster using HBase Transparent Encryption (AES-256)
  • User authorisation and authentication via Kerberos
  • Access strictly through VPN channels
  • Access to the client environment by remote desktop only, strictly on the basis of a genuine business need
  • A restrictions policy that prevents the host from executing prohibited data-related requests sent by the user (e.g. copying data to the buffer or pasting data from the buffer)
  • Strong passwords that are regularly rotated
  • Continuous logging of all activity on both infrastructure and application levels
  • Continuous input and output data integrity routines, together with regular, automatic integrity checks of data in WORM storage

Security controls and independent audits

  • Behavox security controls have been designed in alignment with industry standard security frameworks – ISO 27001, CSA Cloud Controls Matrix (CCM) and Service Organization Control (SOC) 2
  • Going forward, Behavox will be subject to the continuous independent third-party CSA STAR Attestation audit. The first assessment results are expected to be available in Summer 2017
  • Starting from Spring 2017, Behavox systems will be subject to regular external penetration testing exercises based upon the OWASP (Open Web Application Security Project) Top 10 and performed by CREST-certified testers

Security of the Software Development Lifecycle

  • Strict adherence to Secure Coding Guidelines for Java SE
  • Use of an automated source code analysis tool to identify significant security defects in code
  • Manual post-commit review of code involving security-related functionality
  • Ongoing security testing to expose potential security gaps
  • Mandatory internal security audit aimed at identifying security loopholes and vulnerabilities as part of the QA process

© Behavox