Protecting Our Customer Data

Posted by Charles Edge on August 18th, 2015

How secure is your data on Bushel? Your data on anything is only ever as secure as your password. At Bushel, we take a lot of precautions to protect your data, including from ourselves. We time out your session, we encrypt your session on a per-transaction basis, and we encrypt your data while at rest on our servers (think of this like the Secure Enclave in iOS: we encrypt the data that needs to be encrypted, such as FileVault keys and Activation Lock bypass information). These basic precautions keep your communication with Bushel secure and prevent people from doing things like hijacking your session.

Our communications with your devices are secured in a similar fashion. All communications with devices are encrypted. Each device has a key on our servers, so that when it communicates with us, we are able to preserve the integrity of that communication, and there is a key on the device for preserving the integrity of communications back to the device.

And we protect you from us. We are working on SOC2 compliance at JAMF, so there are also a number of firewalls set up from a business process perspective. For example, I cannot interact directly with your data. This is because I have access to source code. And vice versa, someone with access to data on the servers does not have access to the source code and so cannot actually take action based on the encrypted data sitting on the servers. Also, all access anyone in the organization has is logged and tracked.

This isn’t necessarily a Security FAQ, but it does outline some of what we’re doing today to secure and protect your data. In the future, we will be adding other items to what we do to secure data, keeping up with modern and emerging threats.

However, we are a SaaS-based solution. And so to reiterate how I started this post, your data (and by extension, the actions that can be taken on your devices) is only as secure as your password. We are in some ways more secure than a publicly accessible on-premises server that does the same kind of stuff we do. But in other ways, we are publicly accessible and so will always be looking for ways to better protect your data while remaining as easy to use as we can be.

Thanks, and feel free to comment on this article with more specific questions and we will be happy to answer them. After all, we believe that transparency is the cornerstone of any security plan!