Software Updating and Patch Management
Critical security patches are automatically applied on a BeBop workstation when the user logs in. Our machine images are updated monthly and we encourage rotating the workstations monthly by terminating old ones and launching new ones.
The organization can also signup for BeBop’s “Advance Customer Support” in which we implement a software management orchestrator to automatically patch workstations as new patches are released. This is managed by our customer support teams to keep your machines updated regularly with the latest security patches.
Warning: time to time a latest windows patch might break an application used on that workstation. It is recommend that organization implement a terminate/replace with a new workstation policy for the best and most secure working experience on a BeBop workstation.
ALL customer infra deployed using encrypted at rest disks. Example: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
We use HTTPS encryption on all data in transit.
Most of our info deployed in the customer’s CSP account is disposable infra. We implement our software using the Chaos Theory. If something goes wrong we can just launch a new instance and work continues. So backups are not needed in most of our infra.
Content level backups of media files is at the discretion of the Organization. We can implement snapshots of the media files utilizing CSP based snapshot services like AWS EBS Snapshot. We have standard backup policies for our application which is encrypted in flight and at Rest.
We monitor instance level events like memory, cpu, and disk size. A customer can choose to use any of the CSP services for this like AWS Cloud Trail, Guard Duty to monitor security level events. They can also choose to install their own security agents on the infra deployed in their account to monitor the instances. Many of our enterprise customers install their own agents that are in compliance with their security scanning softwares.