How Secure is BeeApp?
Best Practice in Set Up, Proactive in Updates
To get value out of most types of business software, you will need to enter commercially sensitive information. This could include hive locations, lab results, profitability information and much more. While tools that help you use this information can be incredibly powerful, they also represent some level of risk. Here at BeeApp we take this extremely seriously.
Our technical leads have experience handling some of the most sensitive data that exists: personal financial and health information. Through working at some of the biggest banks in the country and global health research conglomerates, our team has had cutting-edge experience on the front lines of these world leaders in information security.
In this post we have tried to explain how to think about security and the steps we have taken to best support you, our customers. If this is too technical and you want a different explanation, or you have more questions, our contact details are at the bottom of the page. Please don’t hesitate to reach out.
There are two places where security issues tend to come from.
Issue 1: When initially writing the software.
Before any software gets near customers the developers have to think about how to construct it so that it is efficient, reliable and secure. The decisions made at this stage of building a digital product can massively increase the risk of critical information (like your hive locations) getting into the wrong hands.
Issue 2: Not constantly updating the software.
Software is not stationary. It is constantly evolving to be more efficient, reliable and secure. However, the downside of this constant improvement is that some parts don’t keep up with the pace of change and begin to have more and more security issues over time.
Basic security steps we take are:
Best practice frameworks and patterns are used when designing new products. We implement best practice technology, such as Auth0 for our authentication process when you log in. If we had built a custom login system, the risk of us making a mistake would be extremely high compared to the people who spend every day focusing only on that problem.
Monitor activity - the CEO is sent a notification when strange logins occur (be it the time of day or the location of the login). This enables the team to keep across any unexpected hostile activity.
Customer databases are separated. What this prevents is any mix up of customer information, accidental or otherwise.
Common encryption certificates (HTTPS & SSL) are used throughout our product. What this means is that every communication between phone and web app and any other service is effectively encrypted the same way your banking data is encrypted.
Code is constantly updated to ensure it is as robust as possible. This is about striking a balance between what is new, what is aged and what is reliable.
All of our technical team actively participates in IT security training every 3 months.
There are a few other super top secret things we do to protect your information, but we keep those a bit closer to the chest. If we were to discuss them openly, we would be unnecessarily helping any hostile party.
What we have tried to do in this post is outline what best practice is and how we stick to it. If anything above is unclear, or you would like more information, please use the details below to reach out.
Email firstname.lastname@example.org with any further questions or reach out directly to Jack on +64 21 998 005 or at email@example.com