Security and compliance

Overview

As businesses increasingly shift their operations toward the cloud, security and compliance requirements have become more demanding and critical for customers.

This article describes how Bizagi Cloud implements strict governance and security requirements so that data privacy and overall system security are no longer a concern for customers wanting to use Bizagi Cloud services.

Security, our first premise

Bizagi Cloud has been designed with security as its top priority. By using technologies and controls that provide an isolated environment for each customer, Bizagi Cloud delivers a virtual private cloud in which customer data is not shared.

This private cloud implements further security controls and mechanisms, such as identity and access management and data encryption, together with policies and procedures that ensure data privacy for customers: deletion of data upon termination of the subscription, security controls that allow access to data only to authorized personnel, and physical and environmental measures to protect data.

What exactly is a virtual private cloud?

Bizagi Cloud provides a separate cloud platform for each customer, where all environments in that platform (e.g., testing and production environments) are secured.

Bizagi Cloud assigns each customer its own set of services and resources, so customer data is not shared.

This set of assigned services and resources is located in the geographical region chosen by the customer.

Having separate services and resources along with data isolation allows for more predictable performance and provides a basis for strict compliance in terms of data privacy.

Bizagi Software Development Cycle

Bizagi Cloud uses Bizagi Engine in its runtime environments.

Bizagi Engine implements a software development cycle that enforces industry-standard, high-security controls, enabling the Bizagi system (and the whole service) to successfully mitigate potential hacking and overall security risks.

This software development cycle relies on the Security Development Lifecycle methodology published by Microsoft, while also following guidelines issued by security expert communities such as NIST, OWASP, and the Cloud Security Alliance.

By following these comprehensive guidelines, such as the OWASP Top 10, Bizagi's development team is able to identify and resolve vulnerabilities in the early stages of the software development cycle.

Within its secure development strategy, Bizagi adopts several other best practices, such as:

A four-eye principle to ensure that code development is validated.

Analysis of new features using the Octave Allegro risk methodology and threat modeling.

Platform-specific guidelines for mobile applications, as officially issued by Apple, Android and Microsoft.

Automated tools for both dynamic application security testing and static code analysis (AppSpider and Veracode, respectively).

Regular manual penetration testing by Bizagi's Security team, to identify potential vulnerabilities that would otherwise be difficult to detect automatically.

In addition to the above, customers and other organizations such as Cert.org have in the past run security checks to assess that Bizagi meets adequate security compliance levels for enterprise-class solutions.

Compliance

Bizagi Cloud is powered by Microsoft Azure and managed by Bizagi. It introduces a cloud-centric architecture that leverages the best services and techniques to offer a secure, reliable and high-performance cloud environment.

Microsoft Azure is widely recognized for its compliance with local and global standards and regulations, including ISO/IEC 27017, SOC 1 and SOC 2, PCI DSS, NIST 800-171, FedRAMP, HIPAA/HITECH, and the EU Model Clauses, among others.

ISO/IEC 27001

ISO 27001 is recognized worldwide as one of the premier international information security management standards.

Bizagi's security policies and procedures are based on this standard, while also considering the applicable addenda on cloud privacy.

Security controls

Bizagi Cloud implements security controls and measures for data integrity, confidentiality and availability.

For more information on each of these security controls and measures, please refer to the links below:

Network security.

Cloud environment security.

Identity and access management.

Data encryption.

Physical security.

Monitoring and operations.