Your Information is Safe
Our products and services are transforming the cybersecurity compliance industry with a focus on automation to make compliance suck less, but the backbone of our success is ensuring your data is safe and secure.
ByteChek’s Cybersecurity Program
ByteChek aligns its information security program with AICPA SOC 2 and HIPAA requirements and security best practices. Specifically, ByteChek’s information security policy outlines processes and procedures including, but not limited to, the following:
- Data Backup
- Risk Management
- Configuration Management
- System Access
- Auditing Policy
- Intrusion Detection
- Supply Chain Management
- Disposable Media
- Disaster Recovery
- Code of Conduct
- Data Integrity
- Vulnerability Scanning
ByteChek implements a modern SDLC process reflecting our cloud security experience, including evaluating hundreds of secure software development processes. We implement a continuous delivery process to help automate our release pipelines to ensure fast, secure, and reliable updates to the ByteChek application and infrastructure. This speed and security allow us to deliver updates and features to our platform rapidly.
ByteChek protects our APIs and platform against common web exploits affecting availability or compromising security. We proactively block these common attack patterns, including the OWASP Top 10 security risks. We regularly define rules to filter specific traffic patterns.
All data in transit is protected by an encrypted HTTPS connection that supports TLS 1.2. Our certificates are signed with the SHA256withRSA algorithm for increased confidentiality. All data is encrypted at rest using the industry-standard AES-256 encryption algorithm and is stored in Amazon Aurora DB clusters and snapshots. Data that is encrypted at rest includes the underlying storage for DB clusters and their automated backups, read replicas, and snapshots.
Infrastructure & Supply Chain Security
ByteChek implements an automated security assessment service to help improve the security and compliance of the ByteChek application. ByteChek automatically assesses the platform for exposure, vulnerabilities, and deviations from Common Vulnerabilities and Exposures (CVE) and Center for Internet Security (CIS) Operating System configuration benchmarks.
ByteChek continuously monitors for malicious activity and unauthorized behavior. Machine learning, anomaly detection, and integrated threat intelligence services identify and prioritize potential threats facing the ByteChek platform. ByteChek also continually assesses the security state of the ByteChek platform to analyze security trends and identify the highest priority security issues.
We carefully vet each of our vendors to ensure they meet the standards and compliance we’re committed to. ByteChek partners with Amazon Web Services (AWS) rather than maintaining our own data centers. AWS regularly undergoes independent third-party audits to ensure the security of its services.