VZBL Inc.

Information Security Policy
Updated: 01.12.2024

Purpose of the SaaS Platform

The VZBL platform is dedicated to empowering engineering teams with advanced data-driven insights. Designed to streamline discovery, enhance observability, and facilitate decision-making, our platform offers an array of tools and features tailored to the unique needs of engineering operational management.

Leveraging the power of cloud computing, our platform provides a seamless, scalable, and efficient way for teams to access, analyze, and collaborate on engineering data, irrespective of their location or the complexity of their projects.

Commitment to Security and Data Protection

At the core of our service offering is an unwavering commitment to security and data protection. Recognizing the critical nature of the data VZBL handles, we are devoted to maintaining the highest standards of data security and privacy.

Our platform is built on a foundation of robust security protocols, leveraging state-of-the-art technologies and practices to ensure the integrity, confidentiality, and availability of our clients' data.

In an era where data breaches and cyber threats are increasingly common, VZBL prioritizes the protection of our clients' information above all else. Our security measures are continuously reviewed and updated to counter emerging threats and comply with the latest industry standards and regulations. From employing advanced encryption techniques to implementing rigorous access controls and regularly conducting security audits, VZBL is committed to safeguarding our clients' data with the utmost diligence and expertise.

This commitment extends beyond our technological infrastructure to encompass every aspect of our operations, including employee training, policy development, and customer support. VZBL understands that security is a collective responsibility, and we actively work to foster a culture of security awareness and compliance among our team members and clients.

Table of Contents:

Purpose of the SaaS Platform

Commitment to Security and Data Protection

Data Encryption

Access Control

Data Privacy

AWS Infrastructure Security Measures

Network Security Configurations on AWS:

Application Security

Secure Coding Practices:

Security Audits and Vulnerability Assessments:

Patch Management

Container Security (EKS)

Security Practices for Container Orchestration Using EKS:

Container Isolation and Network Policies:

Image Scanning and Container Runtime Security:

Incident Response and Management

Incident Detection and Reporting Procedures:

Response Plan for Security Breaches:

Post-Incident Analysis and Preventive Measures:

Compliance and Audits

Adherence to Industry Standards and Certifications:

Regular Internal and External Security Audits:

Compliance Reporting and Documentation:

Training and Awareness

Physical Security

Security Measures for Physical Data Centers:

Policies on Physical Access to Infrastructure:

Business Continuity and Disaster Recovery

Backup and Recovery Procedures:

Data Redundancy and System Resilience Measures:

Business Continuity Planning in Case of Major Incidents:

Third-Party Security

Security Requirements for Third-Party Vendors:

Monitoring and Managing Third-Party Risks:

Contractual Obligations with Service Providers:

Data Encryption

In Transit: VZBL uses Transport Layer Security (TLS) version 1.3 for encrypting data transmitted between all of our services, including our clients. Our use of TLS is paired with the latest AWS Security Policy TLS13-1-2-2021-06 to ensure that only the strictest cipher suites are supported.

At Rest: All data stored within our AWS infrastructure is encrypted at rest. This includes, but is not limited to, S3, EBS volumes, and all RDS data layers. VZBL utilizes AWS Key Management Service (KMS) for this purpose, ensuring a robust and secure encryption strategy. Each service is assigned a unique KMS key that is used only by that service.

Secrets Management: All secrets within the platform are encrypted with a custom KMS key for each function. This includes, but is not limited to, environment variables, API keys, passwords, sensitive string information, and client-specific data.

Key Management: AWS KMS is a managed service that enables us to easily create, control and rotate the encryption keys used to encrypt data. KMS is designed to be highly available and secure, which is crucial for managing keys that encrypt sensitive data. KMS keys are automatically rotated annually for all services.

Security Controls: KMS integrates with other AWS services to offer a seamless encryption experience. It ensures that the keys are used only for authorized encryption and decryption operations. The service provides strong security controls, including key rotation, key deletion, and detailed audit logs of key usage.

Compliance and Standards: AWS KMS complies with various industry standards, including FIPS 140-2. This compliance demonstrates the robustness of KMS in protecting cryptographic keys.

Custom Key Policies: VZBL implements custom key policies, granting minimal necessary access to the keys. This aligns with the principle of least privilege, ensuring that only authorized entities have access to the encryption keys.
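As an added illustration (not VZBL's own code or tooling), the following Python script checks constructed snapshots of the three controls this section names: the listener TLS security policy, KMS automatic key rotation, and least-privilege key policies that grant kms:* only to the account root and key usage to a single service role. The account id, ARNs, role names and key ids are constructed placeholders; in practice the snapshots would come from the ELBv2 describe-listeners and KMS get-key-rotation-status / get-key-policy calls.

```python
import json

# Suffix of the load-balancer security policy named in the section above;
# the full AWS name is "ELBSecurityPolicy-TLS13-1-2-2021-06".
TLS_POLICY_SUFFIX = "TLS13-1-2-2021-06"
# Data-plane actions a service role legitimately needs on its own key.
USAGE_ACTIONS = {"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                 "kms:GenerateDataKey", "kms:GenerateDataKey*", "kms:DescribeKey"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten a statement's Principal element into a list of strings."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    flat = []
    for value in principal.values():
        flat.extend(_as_list(value))
    return flat


def check_listener(listener):
    """Findings for one listener: must terminate TLS with the TLS 1.3 policy."""
    arn = listener["ListenerArn"]
    if listener["Protocol"] not in ("HTTPS", "TLS"):
        return [f"{arn}: plaintext protocol {listener['Protocol']}"]
    ssl_policy = listener.get("SslPolicy", "")
    if not ssl_policy.endswith(TLS_POLICY_SUFFIX):
        return [f"{arn}: SslPolicy {ssl_policy!r} is not the TLS 1.3 policy"]
    return []


def check_key(key):
    """Findings for one KMS key: rotation on, no wildcard principal,
    kms:* only for the account root, and a single consuming service role."""
    findings, key_id, usage_roles = [], key["KeyId"], set()
    if not key["KeyRotationEnabled"]:
        findings.append(f"{key_id}: automatic rotation disabled")
    for stmt in json.loads(key["Policy"])["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        for principal in _principals(stmt):
            if principal == "*":
                findings.append(f"{key_id}: statement {stmt.get('Sid')} allows any principal")
            elif "kms:*" in actions and not principal.endswith(":root"):
                findings.append(f"{key_id}: kms:* granted to non-root principal {principal}")
            elif actions & USAGE_ACTIONS and ":role/" in principal:
                usage_roles.add(principal)
    if len(usage_roles) > 1:
        findings.append(f"{key_id}: used by {len(usage_roles)} service roles, expected one")
    return findings


def audit(listeners, keys):
    """Run all checks and return the combined findings."""
    findings = [f for lsn in listeners for f in check_listener(lsn)]
    findings += [f for key in keys for f in check_key(key)]
    return findings


# Constructed sample snapshots (placeholder account id, not real VZBL resources).
ROOT = "arn:aws:iam::111122223333:root"
ROLE = "arn:aws:iam::111122223333:role/"
LB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/"
LISTENERS = [
    {"ListenerArn": LB + "api/1", "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": LB + "legacy/1", "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
]
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Admin", "Effect": "Allow", "Principal": {"AWS": ROOT},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "IngestUse", "Effect": "Allow", "Principal": {"AWS": ROLE + "ingest"},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"], "Resource": "*"},
]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Anyone", "Effect": "Allow", "Principal": "*",
     "Action": "kms:Decrypt", "Resource": "*"},
    {"Sid": "Shared", "Effect": "Allow",
     "Principal": {"AWS": [ROLE + "ingest", ROLE + "report"]},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
]}
KEYS = [
    {"KeyId": "key-ingest", "KeyRotationEnabled": True, "Policy": json.dumps(GOOD_POLICY)},
    {"KeyId": "key-shared", "KeyRotationEnabled": False, "Policy": json.dumps(BAD_POLICY)},
]
```

Running `audit(LISTENERS, KEYS)` reports the legacy listener's outdated policy and three findings against key-shared, while key-ingest and the api listener pass.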

Access Control

Principle of Least Privilege: Access to data is strictly governed by the principle of least privilege. This means that individuals are granted only the access necessary to perform their job functions. This minimizes the risk of unauthorized access or inadvertent data exposure.

Two-Factor Authentication (2FA): All access to our systems, including but not limited to AWS data centers, client VPNs, the AWS Management Portal, databases, and client information, requires two-factor authentication. This adds an extra layer of security by requiring not only a username and password but also something that only the user has on them, such as a physical token or a mobile phone application code.

Exclusive Access Over AWS VPN: Internal access to our AWS environment is exclusively conducted over a secure AWS Virtual Private Network (VPN). This ensures that all communications between our internal network and AWS services are encrypted and isolated from public internet traffic.

Regular Review and Auditing: Access controls and identity management protocols are regularly reviewed and audited. This includes monitoring for any unusual access patterns or unauthorized attempts to access data, ensuring ongoing adherence to our strict security standards.

Data Separation: Client data is physically separated in a single-tenant architecture in our Neo4J data warehouse, which provides a higher level of security than shared-tenant models. In simple terms, this means each customer's data is in its own database. Transactional data stored in Aurora is in a shared-tenant architecture, but it is not client facing and is not available through client-to-server transactions.

Data Privacy

Ensuring the privacy and integrity of data is a fundamental aspect of our service. This section elaborates on how we align with privacy laws and regulations, our policies for data collection, usage, sharing, and the rights of our users along with our data retention policies.

Compliance with Privacy Laws and Regulations: VZBL strictly adheres to all relevant privacy laws and regulations that apply to our operations and services. This includes, but is not limited to, the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and other global data protection laws.

VZBL engages in proactive measures to not only comply with current regulations but also to anticipate and prepare for future legislative changes, ensuring that our platform remains compliant at all times.

Data Collection, Use, and Sharing Policies: As outlined in our Privacy Policy, we are transparent about the types of data we collect from our users. This includes both personal and non-personal data gathered through various interactions with our services.

The use of collected data is strictly for the purposes of improving our services, providing user support, enhancing user experience, and other legitimate business uses.

VZBL does not share personal data with third parties without the explicit consent of our users or where we’ve outlined the use with our subprocessors, except where required by law or for essential business purposes as detailed in our Privacy Policy. Any such sharing is conducted under strict confidentiality and security measures.

Data Retention Policies: Data within the VZBL platform is retained for at least 12 calendar months. Certain types of data may be kept for longer than 12 months, depending on their usage and value within the platform. Examples of such data include metrics, logs, trending data, or roll ups of historical data. This approach ensures compliance with legal requirements while preserving valuable data for ongoing analysis and service improvement.

AWS Infrastructure Security Measures

Physical Security: AWS data centers are equipped with state-of-the-art physical security measures including 24/7 surveillance, secure access controls, and environmental controls to protect against physical threats and natural disasters.

Compliance Certifications: AWS complies with a variety of compliance standards such as ISO 27001, SOC 1, SOC 2, and PCI DSS. This ensures a high level of security management and risk mitigation.

Network Isolation and Protection: VZBL uses Amazon Virtual Private Cloud (VPC) to create a logically isolated section of the AWS cloud. Within the VPC, VZBL can launch AWS resources in a virtual network that VZBL defines, providing control over the network environment.

AWS Identity and Access Management (IAM): VZBL uses IAM to manage access to AWS services and resources securely. This includes creating and managing AWS users and groups, and using permissions to allow and deny their access to AWS resources.

Amazon GuardDuty: This is a threat detection service that continuously monitors for malicious or unauthorized behavior to protect our AWS accounts and workloads.

AWS Key Management Service (KMS): This service is used to create and manage cryptographic keys and control their use across a range of AWS services and in applications.

Network Security Configurations on AWS:

Security Groups and Network Access Control Lists (NACLs): VZBL employs these to provide stateful and stateless filtering respectively, controlling inbound and outbound traffic at the instance and subnet level.

AWS WAF (Web Application Firewall): To protect our web applications from common web exploits, VZBL uses AWS WAF, which helps control the traffic that reaches our applications.

Amazon CloudFront: This content delivery network (CDN) is integrated with AWS WAF, providing a secure and optimized way to deliver content with high data transfer speeds.

Application Security

In the context of TypeScript-based applications that interact with npm packages, utilize React, and integrate with third-party services, maintaining robust application security is crucial. We employ several strategies and practices to ensure the security and integrity of our applications.

Secure Coding Practices:

TypeScript Security Features: VZBL leverages TypeScript's strong typing system to prevent common security vulnerabilities such as type mismatches that can lead to unhandled exceptions.

React Best Practices: For React components, we use JSX and React’s built-in escape functions to mitigate the risks of cross-site scripting (XSS) attacks. Additionally, we ensure that state management is handled securely to avoid exposure of sensitive data.

Secure Handling of NPM Packages: VZBL performs thorough vetting of npm packages before integration, assessing their security posture and maintenance history. We use tools like npm audit for identifying known vulnerabilities in dependencies.

Code Reviews and Static Analysis: Regular code reviews are conducted to identify security flaws, and we use static analysis tools to automatically detect potential security issues in the codebase.

Security Audits and Vulnerability Assessments:

Automated Scanning Tools: We use automated tools to continuously scan our codebase and dependencies for vulnerabilities.

Third-Party Audits: Periodically, we engage external security experts to conduct comprehensive audits of our applications, providing an independent assessment of our security posture.

Integration Testing: Our integration tests include security-focused tests to ensure that interactions between different components, especially with third-party APIs, are secure.

Patch Management

Automated Dependency Updates: VZBL implements automated processes to keep our npm packages and dependencies up to date, using tools like Dependabot or Renovate.

React Version Updates: VZBL closely follows React updates and applies them promptly to leverage the latest security enhancements and fixes.

Security Patch Deployment: In the event of a vulnerability discovery, we have a streamlined process for developing, testing, and deploying patches quickly and efficiently.

Cadence: Patches are applied via a nightly update of the base image on which the application code is deployed.

Monitoring Third-Party Integrations: We continuously monitor the security status of third-party services integrated into our applications and take prompt action when updates or patches are released by these providers. We subscribe to each third party's security notifications, which are delivered automatically to our communication channels.

Container Security (EKS)

VZBL utilizes Amazon Elastic Kubernetes Service (EKS) for container orchestration, which makes container security a multifaceted task. We employ various strategies and best practices to secure our container environment, focusing on orchestration security, container isolation, network policies, image scanning, and runtime security.

Security Practices for Container Orchestration Using EKS:

Role-Based Access Control (RBAC) in EKS: We implement RBAC to control which users have access to the Kubernetes API and what actions they can perform on resources in the cluster. Each pod runs with a custom role that is limited to the permissions it needs to perform its function.

EKS Cluster Security: We ensure that the control plane, worker nodes, and other resources in our EKS clusters are configured following AWS best practices for security. All EKS cluster configuration is stored, scanned, and audited in our Git repository, ensuring that infrastructure follows the same SDLC process as our application code.

Secrets Management: Sensitive data such as credentials and tokens are managed securely using a mixture of AWS Secrets Manager, KMS, and Helm plugins, ensuring that secrets are not exposed within the container environment, are centrally managed, and are encrypted with account-based KMS keys.

Container Isolation and Network Policies:

Pod Security Policies: We use pod roles combined with EKS CNI roles to control the security specifications that a pod must adhere to for it to be accepted into the system.

Network Policies: Network policies are implemented to control the traffic between pods within a Kubernetes cluster. This helps to prevent unauthorized access and restricts communication between services that should not interact.

Namespace Isolation: Different components of our applications are deployed in separate Kubernetes namespaces, providing an additional layer of isolation and minimizing the impact of a potential security breach.
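As an added example, not part of VZBL's policy or code, the following Python check evaluates Kubernetes NetworkPolicy manifests (already parsed to dicts and trimmed to the fields that matter; the namespaces and policy names are constructed) for the two properties this section relies on: every namespace carries a default-deny ingress policy, and no rule allows ingress from any source, from every namespace, or from any IP range. It applies the Kubernetes defaulting rule for policyTypes, so a policy with no policyTypes and no ingress rules is still recognized as default-deny.

```python
def effective_policy_types(spec):
    """Kubernetes default: Ingress always applies; Egress only if egress rules exist."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    types = {"Ingress"}
    if "egress" in spec:
        types.add("Egress")
    return types


def selects_all_pods(selector):
    """An empty label selector ({}) matches every pod (or namespace)."""
    return not selector.get("matchLabels") and not selector.get("matchExpressions")


def is_default_deny_ingress(policy):
    """True when the policy selects all pods, governs Ingress, and allows nothing."""
    spec = policy["spec"]
    return (selects_all_pods(spec.get("podSelector", {}))
            and "Ingress" in effective_policy_types(spec)
            and not spec.get("ingress"))


def ingress_findings(policy):
    """Flag ingress rules that are broader than a single known peer."""
    meta = policy["metadata"]
    name = f"{meta['namespace']}/{meta['name']}"
    findings = []
    for i, rule in enumerate(policy["spec"].get("ingress") or [], 1):
        peers = rule.get("from")
        if not peers:  # a rule without 'from' admits traffic from every source
            findings.append(f"{name}: rule {i} allows ingress from any source")
            continue
        for peer in peers:
            ns_sel = peer.get("namespaceSelector")
            if ns_sel is not None and selects_all_pods(ns_sel) and "podSelector" not in peer:
                findings.append(f"{name}: rule {i} allows ingress from every namespace")
            cidr = peer.get("ipBlock", {}).get("cidr")
            if cidr in ("0.0.0.0/0", "::/0"):
                findings.append(f"{name}: rule {i} allows ingress from any IP ({cidr})")
    return findings


def audit(namespaces, policies):
    """Report namespaces lacking default-deny ingress and over-broad allow rules."""
    by_ns = {}
    for policy in policies:
        by_ns.setdefault(policy["metadata"]["namespace"], []).append(policy)
    missing = [ns for ns in namespaces
               if not any(is_default_deny_ingress(p) for p in by_ns.get(ns, []))]
    findings = [f for p in policies for f in ingress_findings(p)]
    return {"missing_default_deny": missing, "findings": findings}


# Constructed sample cluster state: three namespaces, four policies.
NAMESPACES = ["api", "ingest", "reporting"]
POLICIES = [
    {"metadata": {"name": "default-deny-ingress", "namespace": "api"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "allow-from-gateway", "namespace": "api"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "ingress": [{"from": [{"namespaceSelector": {"matchLabels":
                                         {"kubernetes.io/metadata.name": "gateway"}},
                                     "podSelector": {"matchLabels": {"app": "ingress-nginx"}}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
    # No policyTypes and an empty ingress list: still a default deny by the defaulting rule.
    {"metadata": {"name": "default-deny-ingress", "namespace": "ingest"},
     "spec": {"podSelector": {}, "ingress": []}},
    # A single empty rule is an allow-all, and the namespace has no default deny.
    {"metadata": {"name": "allow-all", "namespace": "reporting"},
     "spec": {"podSelector": {}, "ingress": [{}]}},
]
```

`audit(NAMESPACES, POLICIES)` returns reporting as the only namespace without default-deny ingress and flags its allow-all rule; the api and ingest namespaces pass.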

Image Scanning and Container Runtime Security:

Image Scanning: Before deployment, container images are scanned for vulnerabilities using tools like AWS ECR (Elastic Container Registry) scanning or third-party solutions like Aqua Security or Sysdig.

Immutable Container Images: We employ the practice of using immutable container images, which are not changed or updated once they have been built. This reduces the risk of runtime attacks, cross-exposure, and long-lived process injection.

Runtime Security Monitoring: Container runtime environments are continuously monitored using tools like Amazon CloudWatch and AWS Security Hub. We also integrate with third-party monitoring solutions like Datadog that provide deeper insights and real-time alerts for suspicious activities in the container environment.

Incident Response and Management

Effective incident response and management are critical for minimizing the impact of security breaches and ensuring a quick return to normal operations. Our approach includes well-defined procedures for detecting, reporting, responding to, and analyzing security incidents, as well as implementing preventive measures.

Incident Detection and Reporting Procedures:

Continuous Monitoring: VZBL employs continuous monitoring tools like AWS CloudWatch and third-party solutions like Datadog to detect unusual activities or potential security breaches in real time.

Alert Systems: Automated alert systems are in place to notify our security team immediately upon detection of potential security incidents.

Reporting Channels: Slack channels are established for internal and external reporting of suspected security incidents. This includes mechanisms for employees, customers, and other stakeholders to report anomalies or concerns.

Incident Logging: All suspected and confirmed incidents are logged and documented in a secure and tamper-evident manner for future reference and legal compliance.

Response Plan for Security Breaches:

Incident Response Team: A dedicated incident response team is established, trained, and ready to respond to security incidents.

Response Protocols: Our response protocols detail the steps to be taken immediately after an incident is detected, including containment, eradication of threats, and recovery processes.

Communication Plan: The plan outlines how and when to communicate with internal teams, affected customers, and if necessary, the public and regulatory bodies.

Legal and Regulatory Compliance: We ensure that our response actions are compliant with legal and regulatory requirements, particularly in terms of notification and disclosure obligations.

Post-Incident Analysis and Preventive Measures:

Root Cause Analysis: After addressing an incident, we conduct a thorough root cause analysis to understand what happened and why.

Lessons Learned: Insights and lessons learned from the incident are documented and shared with relevant teams to improve our security posture.

Updating Response Plans: Incident response plans and protocols are regularly updated based on the learnings from recent incidents.

Preventive Actions: We implement preventive measures such as updating security protocols, enhancing monitoring systems, and conducting additional employee training to reduce the likelihood and impact of future incidents.

Compliance and Audits

Maintaining compliance with industry standards and undergoing regular audits are key components of our security framework. This ensures not only adherence to best practices but also provides transparency and trust for our clients and stakeholders.

Adherence to Industry Standards and Certifications:

International Standards: We adhere to globally recognized standards such as ISO/IEC 27001 for information security management and SOC 2 for service organization control. These frameworks demonstrate our commitment to maintaining high security and privacy standards.

Regulatory Compliance: Depending on the nature of the data we handle and our client base, we comply with relevant regulations like GDPR in Europe, HIPAA for health information in the US, and others as applicable. VZBL does not use, store, or process health or financial data.

Continuous Improvement: Our compliance is not a one-time event but an ongoing process. We continuously monitor changes in industry standards and regulatory requirements and adapt our practices accordingly.

Regular Internal and External Security Audits:

Internal Audits: We conduct regular internal audits to review and assess our security measures, policies, and procedures. These audits help identify potential vulnerabilities and areas for improvement.

External Audits: Independent external auditors are engaged periodically to conduct thorough assessments of our security and compliance status. These audits provide an objective review of our security posture and help ensure that our practices align with industry standards.

Penetration Testing: Regular penetration testing is conducted to simulate cyber attacks and assess the strength of our defenses. This proactive approach allows us to identify and address vulnerabilities before they can be exploited.

Compliance Reporting and Documentation:

Documentation: All policies, procedures, and controls are thoroughly documented. This documentation is regularly reviewed and updated to ensure it reflects current practices and compliance requirements.

Reporting: We maintain comprehensive records of all audits, assessments, and corrective actions taken.

Transparency with Stakeholders: We are committed to transparency with our clients and stakeholders regarding our compliance status. Regular updates are provided on any significant changes to our security posture or compliance status.

Training and Awareness

Employee Training: VZBL regularly trains our employees on best practices for data security and access control. This includes educating them about the importance of securing their authentication credentials and recognizing potential security threats.

Awareness Programs: Regular awareness programs are conducted to keep our team updated on the latest security threats and the importance of adhering to access control policies.

Cadence: All security training is conducted at least annually and may include additional touch points throughout the year to ensure security awareness stays top of mind.

Physical Security

While our platform operates predominantly in the cloud on Amazon Web Services (AWS) and we maintain a remote workforce, the physical security of the data centers where our services and data are hosted is a critical component of our overall security strategy.

Security Measures for Physical Data Centers:

AWS Data Center Security: VZBL relies on AWS's robust physical security measures at their data centers. These measures include multi-layered security controls, 24/7 monitoring, surveillance, and access control technologies.

Environmental Controls: AWS data centers are equipped with environmental controls to mitigate risks from fires, floods, and other natural disasters. This includes automatic fire detection and suppression systems, temperature and climate controls, and redundant power supply systems.

Physical Access Control: Access to AWS data centers is strictly controlled and limited to authorized personnel only. AWS employs a combination of biometric scanning, electronic access cards, and other security measures to ensure that physical access is tightly regulated.

Policies on Physical Access to Infrastructure:

No Direct Access: Given our remote workforce model, our employees do not have direct physical access to the infrastructure hosting our services. All access to AWS resources is managed virtually, ensuring consistent security protocols regardless of location.

Vendor Access Policy: On the rare occasion that physical access to AWS infrastructure is required, such as for maintenance or emergency interventions, AWS's strict vendor access policies come into effect. These policies ensure that only vetted and authorized personnel from AWS or its partners can access the hardware and facilities.

Audit and Compliance: AWS's physical security and access controls are audited regularly for compliance with industry standards, and we ensure that our use of AWS services adheres to these standards. We also review AWS's compliance certifications and audit reports to validate their physical security measures.

Business Continuity and Disaster Recovery

In today’s digital landscape, having robust Business Continuity and Disaster Recovery (BCDR) plans is essential. Our approach ensures minimal service interruption and quick recovery in case of major incidents, safeguarding our clients' data and our operational integrity.

Backup and Recovery Procedures:

Regular Data Backups: VZBL has enabled automated backups of all critical data, including application data, customer information, and system configurations. These backups are stored in multiple secure locations in the AWS cloud. Data warehouse backups are stored for 30 days with cross-region replication.

Recovery Testing: Annual testing of our backup and recovery procedures is conducted to ensure they are effective and efficient. This includes simulated scenarios to validate the restoration process under various conditions.

Versioning and Data Integrity: VZBL employs data versioning and snapshotting techniques to maintain historical versions of data. This allows for precise recovery options in case of data corruption or accidental deletion.

Data Redundancy and System Resilience Measures:

Multi-Region Deployment: Our services are deployed across multiple AWS availability zones to provide high availability and redundancy. This mitigates risks associated with regional outages or disasters.

Load Balancing and Auto-Scaling: We use AWS load balancing and auto-scaling to distribute traffic evenly and maintain optimal performance. In the event of an increase in load or a failure in one instance, the system automatically redirects traffic and scales resources to maintain service continuity.

Database Replication: Critical databases are replicated in real-time across multiple geographical locations. This ensures data persistence and accessibility even in the event of a localized failure.

Business Continuity Planning in Case of Major Incidents:

Incident Response Team: A dedicated team is responsible for managing major incidents, with clear roles and responsibilities defined to ensure a coordinated response.

Communication Plan: VZBL employs a robust communication plan to keep stakeholders informed during and after an incident. This includes internal communication channels and external communication with customers and partners.

Regular Plan Updates and Training: Our business continuity plan is reviewed and updated regularly to reflect changing risks and improved strategies. Employees are trained on their roles in these plans to ensure readiness.

Partnerships and Vendor Management: We maintain strong relationships with our vendors, including AWS, to ensure coordinated efforts in disaster response and recovery.

Our BCDR strategies are designed to minimize downtime and data loss, ensuring a resilient and reliable service for our clients. By continually evaluating and enhancing these plans, we are committed to maintaining business operations and protecting our clients' data, even in the face of unforeseen disruptions.

Third-Party Security

In our interconnected digital environment, third-party vendors play a crucial role in our operational ecosystem. Ensuring their security compliance is paramount to maintaining the overall security posture of our services.

Security Requirements for Third-Party Vendors:

Vetting Process: We conduct a thorough security assessment of potential third-party vendors before engagement. This includes reviewing their security policies, compliance certifications, and past security performance.

Minimum Security Standards: All third-party vendors are required to meet our minimum security standards, which align with industry best practices and regulatory requirements. These standards cover aspects like data encryption, access controls, and incident response capabilities.

Regular Security Reviews: We periodically review the security posture of our third-party vendors to ensure ongoing compliance with our standards.

Monitoring and Managing Third-Party Risks:

Continuous Monitoring: Our security team continuously monitors the security status of third-party services. This includes staying updated on any security incidents or vulnerabilities that may affect their services.

Risk Assessment and Management: We regularly assess the risks associated with each third-party vendor and implement appropriate risk management strategies. This could include additional security controls, contractual safeguards, or in some cases, finding alternative vendors.

Incident Response Coordination: In the event of a security incident involving a third-party vendor, our incident response plan includes procedures for coordinating with the vendor to manage and mitigate the incident.

Contractual Obligations with Service Providers:

Security Clauses in Contracts: Our contracts with third-party vendors include specific security clauses and requirements. These clauses cover aspects such as data protection, incident reporting, and audit rights.

Liability and Compliance: The contracts clearly define the liability of third parties in case of a security breach and their compliance obligations with relevant laws and standards.

Termination Rights: In cases where a third-party vendor repeatedly fails to meet our security requirements, our contracts include provisions for termination to protect our services and customers.