Protecting the information and intellectual property of our customers is a principal objective of Beacon’s products and services. As a cloud-native platform developer, Beacon has invested in leading security measures at every point of the platform’s development, deployment, and operations.

Beacon’s security model has two elements that work together to deliver the highest levels of protection:

  • Secure software development lifecycle process, based on DevSecOps methodologies
  • Shared responsibility model for cloud infrastructure and operations with secure installation and isolation of each customer’s operating instances

DevSecOps Graphic


Cloud shared responsibility graphic

Download a summary of Beacon’s Model for Secure Development, Deployment, and Operations


Secure Software Development Life Cycle

DevSecOps (Development, Security, Operations) is a combination of culture, processes, and technologies that treats security as an integral part of and shared responsibility throughout the entire software development lifecycle.

Beacon’s DevSecOps processes are supported and automated by the company’s integrated development environment (IDE), which is based on Visual Studio Code (VSCode). Standardization and automation of development and deployment workflows enhances compliance with best practices, company controls, and regulatory requirements.

Key elements of Beacon’s security architecture:

  • Layered containerized architecture that isolates each workload
  • Least privilege and reduced footprint for all containers, nothing runs at root
  • Version-controlled configuration templates to increase consistency and reduce errors
  • Separation of code and data with encrypted data transfers
  • Isolation of each customer’s data and processing
  • Rapid and safe rebuild of workloads in case of suspected compromise

For more information, download the white paper Building Secure Systems with DevSecOps.

Cloud Infrastructure and Operations

Cloud shared responsibility graphic

Beacon is a private or hosted platform-as-a-service (PaaS) offering with the scalability and flexibility of cloud computing and data services. Security follows a shared responsibility model between cloud provider, Beacon, and customers that leverages the capabilities and resources of each participant to deliver effective security coverage. Cloud infrastructure has been certified and is in use by major organizations around the world, including for data and workloads covered by stringent privacy and confidentiality regulations and top-secret classifications.

Cloud Provider Graphic

The cloud provider is responsible for security of the cloud infrastructure, including physical equipment and locations, identity and access controls, and the software that delivers the compute, storage, database, and networking functionality. This includes:

  • Physical and environmental security and access controls of cloud data centers and facilities
  • Identity services that securely manage and control access to cloud resources
  • Visibility and control of where data is stored and workloads are processed
  • Privacy and confidentiality of data, including key management and encryption
  • Security audits and third-party validations of the cloud operating environment

Beacon Platform Graphic

Beacon is responsible for the virtual machine images, code, containers, data encryption, and some configurations within the cloud infrastructure that each customer uses in their individual, isolated Platform instances. This includes:

  • Security-by-design coding practices, including digital signatures to securely identify binary images
  • Customers control when to pull updated images into their specific instance
  • Standardized container, operating system, network, and firewall configurations
  • Multi-package support to add new capabilities without risking core functionality
  • Encryption of data at rest and in transit with secure storage of keys and access tokens
  • Centralized monitoring, logging, and alerting tools

Customer Instance Graphic

Each Beacon instance is installed directly into a customer’s own cloud account or virtual private cloud. Security of each instance is delivered with a layered architecture that provides consistent installation, access controls, data protection, and automated processes. Customers are responsible for the security aspects of their individual and isolated instances, such as user roles and identities, data flow, and custom development, using a combination of Beacon components and existing corporate security processes and tools. This includes:

  • Management of and authentication against preferred identity and access management system
  • Design and security of data flows to customer-hosted or external data sources
  • Additional firewall, virus scanning, and other security technologies and processes
  • Security of custom code, leveraging Beacon’s secure software development life cycle tools

For more information, download the white paper Sharing Responsibility for Secure Cloud Operations.


Get in Touch

Learn about how we can help you transform your business.Contact us for a 15 minute consultation or to request a full demo.