Security and Infrastructure
Given that our customers are primarily in the IT Services market and that we are integrating with on-premise databases, we constantly get asked two questions:
- How does BrightGauge handle security?
- What impact does a BrightGauge agent (for on-premise connections) have on customer servers?
I want to answer both of these questions and elaborate a bit more for our community:
For starters, we take security extremely seriously, from our management team down to implementation. In fact, being part of the Dosal Capital family of companies, one of our sister companies is a cybersecurity firm, Compuquip Cybersecurity. Security is in our DNA from the start and we are constantly looking to improve our controls (as everyone knows, security is an ongoing battle).
Data Ingestion and the BrightGauge Agent
Typically, the meat of the security conversation starts with Data Ingestion (how data goes from a customer site to BrightGauge). The reality is we need to get data securely and efficiently from our customers' databases. We accomplish this with our own Agent, which customers download and install anywhere on their internal network. This agent exists to do only two things: 1) take SQL queries from BrightGauge and query the database locally to grab data quickly, and 2) encrypt that data and send it back to BrightGauge on a regular interval.
The agent creates a secure SSL Tunnel between itself and our web servers. To further protect the connectivity, we ask our customers to open up a port in the firewall (of their choosing) and lock it down to our IP Addresses (which we only provide when someone is a customer). Once a customer locks down that port to our IPs on their firewall, we have a secure channel through which to communicate the encrypted data.
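One way a customer could verify the lock-down described above, as an added example that is not BrightGauge code: it audits a list of inbound allow rules and flags any that expose the agent port to sources outside the vendor allowlist. The port, the IP addresses (documentation ranges) and the rule format are constructed placeholders, since the page provides none of them.

```python
import ipaddress

# Constructed placeholders: the page gives neither the port nor the vendor IPs.
AGENT_PORT = 8443
VENDOR_NETS = [ipaddress.ip_network(n)
               for n in ("203.0.113.10/32", "203.0.113.11/32")]

# Constructed sample of inbound allow rules: (rule name, source CIDR, port range)
RULES = [
    ("bg-agent-1", "203.0.113.10/32", (8443, 8443)),  # matches the allowlist
    ("bg-agent-2", "203.0.113.0/24", (8443, 8443)),   # wider than the allowlist
    ("legacy-any", "0.0.0.0/0", (8000, 9000)),        # range covers the agent port
    ("web", "0.0.0.0/0", (443, 443)),                 # unrelated port, ignored
]

def covered(source):
    """True if every address in `source` lies inside a single vendor network.

    Conservative: a source spanning several vendor networks is still flagged.
    """
    return any(source.version == net.version and source.subnet_of(net)
               for net in VENDOR_NETS)

def audit(rules, port=AGENT_PORT):
    """Return names of allow rules that expose `port` to non-vendor sources."""
    findings = []
    for name, cidr, (lo, hi) in rules:
        if not lo <= port <= hi:
            continue  # rule does not open the agent port
        source = ipaddress.ip_network(cidr, strict=False)
        if not covered(source):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in audit(RULES):
        print("over-permissive rule for agent port:", name)
```

Port-range rules are the case most easily missed: a broad legacy rule can reopen the agent port to any source even when the dedicated rule is correctly restricted.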
What Data is in Transit
The agent is extremely lightweight since it’s only passing queries and encrypting data. The SQL queries being sent to the agent (and therefore the database) are purely up to the customer... but of course many choose to use our Default Datasets per data source (SQL queries). These default datasets/queries refresh data on a regular interval, and because of that refresh, data is never STORED on BrightGauge servers for more than that pre-set interval time.
From an efficiency standpoint, these default queries have been tested with customers all over the world of all sizes and haven’t caused any performance issues to date. If a query starts to deliver too much data, our systems reject the query and stop connectivity before the request could cause any issues with the databases themselves.
Now that we have answered the efficiency of the queries and the security aspect of Data Ingestion, we can turn our attention to our own infrastructure.
BrightGauge Infrastructure
At the outset of starting BrightGauge, we decided to focus on what we were good at as a team, developing software. Therefore, we made the decision to host all our infrastructure, physical controls, and network security with Rackspace. Rackspace has an army of network security professionals that monitor and manage our entire infrastructure 24/7 from their data centers (read about Rackspace Security Certifications here). With our infrastructure in a Private Cloud (with a small subset of servers in the public cloud) we rely happily on the experts at Rackspace to keep us monitored and secure. Fortunately, we were able to choose the highest level of security services from Rackspace including being protected by leading edge firewalls and Intrusion Prevention Systems (IPS).
Data Storage
Our databases (we use two types of databases) are extremely well protected and, as I mentioned above, never store data for longer than the regular data refresh cycles. The data being refreshed is always visible to the customer, and default datasets can be added or removed at the discretion of the customer. Many folks ask what type of data we refresh in our default dataset, but that changes. It all depends on what data is required to create beautiful reports and metrics.
As we continue to grow our customer base and infrastructure, security is top of mind and we continue to invest time, money, and energy into making our environment first class in security and reliability.