FOND Information Security Policy

This is our security standard for handling your data in the use of our software.

Architecture

FOND is a cloud-based SaaS tool developed by Biarri Networks and backed by Amazon Web Services (AWS) Global Infrastructure. Under the Shared Responsibility Model, AWS is responsible for the physical security “of the cloud” whilst Biarri Networks handles the security of our operating systems, network configurations, applications and customer data “in the cloud”.

The majority of our AWS infrastructure is based in the Sydney (Australia) region across multiple availability zones for extra durability where possible. Some of the services we use such as Amazon CloudFront also propagate resources outside of Australia via the Global Edge Network in order to deliver content to end users with lower latency.

FOND resources are provisioned in their own private VPC and subnets, logically separated from all other Biarri Networks infrastructure. Similarly, all firewalls and security groups are configured on a least-privilege basis.

Customer Data

Customers retain ownership of their data. Input data is usually in the form of geospatial files (e.g. points, lines and polygons stored in .shp, .tab, .kml or .geojson formats) describing the physical layout of things like demand/service locations or existing conduit and network assets. As such, the data required by FOND to generate fiber optic network designs does not include any Personally Identifiable Information (PII), such as end user names, or Protected Health Information (PHI). Furthermore, the model constructed during the design process is an abstract formulation which would provide no value to any threat actors.

Customer data, comprising base input data, design data and project metadata, is safely stored in Amazon S3 or DynamoDB, protected by encryption-at-rest with AES-256 server-side encryption enabled. See also https://docs.aws.amazon.com/AmazonS3/latest/dev/DataDurability.html.

Traffic between FOND and the end user is also protected by encryption-in-transit via HTTPS/SSL certificates using the latest versions (outdated protocols and cipher suites are explicitly blacklisted).

Regular backups are taken and retained for a minimum of 30 days. Customers may request to have their data destroyed earlier if desired.

Access Levels

Customers have full control over project sharing settings, with the ability to give access to a FOND design to colleagues, delivery partners and other key stakeholders.

A designated group of Biarri Networks staff have the ability to access FOND projects in order to provide an adequate level of support and manage the platform itself. These staff members are trained in the latest security best practices. Identity and Access Management is always configured on a least-privilege basis. This means the data is only available to those who require it, with read, write or delete permissions granted only as necessary. Administrator access to these resources also requires MFA.

Please note Biarri Networks will never ask for your FOND password.

Breaches and Incidents

In the event of a data breach, Biarri Networks will take immediate action to rectify the breach and notify any affected customers in accordance with our Malware Response Plan and Incident Containment Plan. Access and system logs are kept, and automated monitoring/alert systems are utilised to ensure staff are notified of potential incidents as early as possible. Our software and systems are kept up-to-date with automated patch management processes to protect against ever-changing threats.

Biarri Networks engages a third-party company to regularly conduct penetration testing and security audits to provide an independent verification of security.