Protecting the information and intellectual property of our customers is a principal objective of Beacon’s products and services. As a cloud-native platform developer, Beacon has invested in leading security measures at every point of the platform’s development, deployment, and operations.

Beacon’s security model has two elements that work together to deliver the highest levels of protection:

  • Secure software development lifecycle process, based on DevSecOps methodologies
  • Shared responsibility model for cloud infrastructure and operations with secure installation and isolation of each customer’s operating instances

Download a summary of Beacon’s Model for Secure Development, Deployment, and Operations

Secure Software Development Life Cycle

DevSecOps (Development, Security, Operations) is a combination of culture, processes, and technologies that treats security as an integral part of, and a shared responsibility throughout, the entire software development lifecycle.

Beacon’s DevSecOps processes are supported and automated by the company’s integrated development environment (IDE), which is based on Visual Studio Code (VSCode). Standardization and automation of development and deployment workflows enhance compliance with best practices, company controls, and regulatory requirements.

Key elements of Beacon’s security architecture:

  • Layered containerized architecture that isolates each workload
  • Least privilege and reduced footprint for all containers; nothing runs as root
  • Version-controlled configuration templates to increase consistency and reduce errors
  • Separation of code and data with encrypted data transfers
  • Isolation of each customer’s data and processing
  • Rapid and safe rebuild of workloads in case of suspected compromise

For more information, download the white paper Building Secure Systems with DevSecOps.

Cloud Infrastructure and Operations

Beacon is a private or hosted platform-as-a-service (PaaS) offering with the scalability and flexibility of cloud computing and data services. Security follows a shared responsibility model among the cloud provider, Beacon, and customers that leverages the capabilities and resources of each participant to deliver effective security coverage. Cloud infrastructure has been certified and is in use by major organizations around the world, including for data and workloads covered by stringent privacy and confidentiality regulations and top-secret classifications.

The cloud provider is responsible for security of the cloud infrastructure, including physical equipment and locations, identity and access controls, and the software that delivers the compute, storage, database, and networking functionality. This includes:

  • Physical and environmental security and access controls of cloud data centers and facilities
  • Identity services that securely manage and control access to cloud resources
  • Visibility and control of where data is stored and workloads are processed
  • Privacy and confidentiality of data, including key management and encryption
  • Security audits and third-party validations of the cloud operating environment

Beacon is responsible for the virtual machine images, code, containers, data encryption, and some configurations within the cloud infrastructure that each customer uses in their individual, isolated Platform instances. This includes:

  • Security-by-design coding practices, including digital signatures to securely identify binary images
  • Customers control when to pull updated images into their specific instance
  • Standardized container, operating system, network, and firewall configurations
  • Multi-package support to add new capabilities without risking core functionality
  • Encryption of data at rest and in transit with secure storage of keys and access tokens
  • Centralized monitoring, logging, and alerting tools

Each Beacon instance is installed directly into a customer’s own cloud account or virtual private cloud. Security of each instance is delivered with a layered architecture that provides consistent installation, access controls, data protection, and automated processes. Customers are responsible for the security aspects of their individual and isolated instances, such as user roles and identities, data flow, and custom development, using a combination of Beacon components and existing corporate security processes and tools. This includes:

  • Management of, and authentication against, the preferred identity and access management system
  • Design and security of data flows to customer-hosted or external data sources
  • Additional firewall, virus scanning, and other security technologies and processes
  • Security of custom code, leveraging Beacon’s secure software development life cycle tools

For more information, download the white paper Sharing Responsibility for Secure Cloud Operations.
