Infrastructure and Network Security

Like many SaaS providers, BrightGauge infrastructure is hosted in the cloud with Amazon Web Services (AWS). We are hosted in the US East Region with AWS where all data flows into and out of and we are backed up between zones. Amazon provides a strong foundation of privacy and security guarantees. Leveraging AWS for all infrastructure allows BrightGauge to stay focused on a relatively small surface of potential security vulnerabilities.

Physical Access Control
BrightGauge does not have physical access to the AWS data center. For further details regarding Amazon’s cloud security protocols, refer to Data Center Controls.

Logical Access Control & Perimeter Security
The BrightGauge infrastructure is hosted within a secured AWS Virtual Private Cloud (VPC). VPCs provide a network firewall and private virtual network in AWS. Network traffic is continuously monitored for anomalies and for threats. This network security layer serves as the first line of defense for BrightGauge and hundreds of thousands of other AWS customers. More information about AWS VPCs is available, refer to VPC Security.

Penetration Testing
To independently validate software and infrastructure security, BrightGauge conducts annual third party penetration testing. We use the results of these tests to help reveal and prioritize potential security enhancements.

Data Security & Privacy

Understanding Data Flow & Encryption
Customer data is pulled into BrightGauge at regular intervals through on-premise BrightGauge Agents and over web APIs. In both cases, data is always transferred using industry standard Transport Layer Security (TLS) over the HTTPS protocol.

All web application traffic to and from BrightGauge supports and requires HTTPS. Any insecure HTTP requests are automatically redirected to the secure HTTPS protocol. For the small subset of data served directly from Amazon AWS services, data is always transmitted over HTTPS. BrightGauge’s latest SSL Labs Report can be found here.

Emails delivered to customers by BrightGauge are encrypted in-transit using TLS whenever supported by the recipient.

BrightGauge has also enabled full disk encryption for our databases.

Data Privacy
As per our Data Protection and Privacy Policy, we take your data privacy very seriously and only work with GDPR compliant third party providers to help us deliver our service. Refer to our Data Protection Addendum (DPA)and our Privacy Policy for all the requirements for and restrictions of data usage, access, and portability set forth in GDPR.