In the interconnected digital landscape, where applications have become the backbone of modern business operations and personal activities, security is the cornerstone of trust and reliability. By taking security into account during every phase of application development,

Betty Blocks ensures that its users can confidently build, deploy, and use applications without compromising on data confidentiality, integrity, and availability. In this document, you’ll learn how Betty Blocks ensures security for the most asked-about security concerns.

Ensuring that only authorized users can access and modify data within the Betty Blocks platform is of utmost importance. To achieve this, Betty Blocks employs robust access controls and authentication mechanisms.

Betty Blocks integrates industry-standard OAuth and SSO protocols, enabling users to securely authenticate and access the platform using their existing credentials from trusted identity providers.

The Betty Blocks platform implements RBAC, allowing administrators to define granular access levels for different user roles. This ensures that users can only access data and perform actions relevant to their roles and responsibilities.

To strengthen user authentication, Betty Blocks offers MFA as an additional layer of security. Users are required to provide multiple forms of identification, such as passwords and one-time verification codes, reducing the risk of unauthorized access due to compromised credentials.

To query authenticated requests, the Data API works with tokens. An access token grants you access to certain data (based on the roles and permissions of your application). A refresh token is used to request a (new) access token. Overwrite the default values in the authentication profile settings to extend the token lifetimes.

Data encryption serves as a fundamental pillar of data security within the Betty Blocks platform. By encrypting sensitive data, Betty Blocks ensures that information remains confidential and protected from unauthorized access. The platform implements robust encryption protocols throughout the data lifecycle, encompassing data at rest and data in transit.

Every Betty Blocks application consists of two separate databases. The first database contains all information about the application itself (i.e. the configuration). The other contains all the actual information that resides within the application. The structure of the second database is created based on the configuration present in the first. Databases are never shared between applications.

Betty Blocks employs industry-standard encryption algorithms to protect data stored within its databases and file systems. This ensures that even if an unauthorized party gains access to the underlying storage, the data remains encrypted and unintelligible without the decryption keys.

To safeguard data while it travels between the Betty Blocks platform and users' devices, all communications are secured using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. These encryption methods establish secure connections, preventing eavesdropping and tampering during data transmission.

Betty Blocks strictly controls access to encryption keys to prevent unauthorized decryption of data. Key management practices ensure that keys are securely generated, stored, and rotated regularly to enhance the overall security posture of the platform.

When transferring data across international borders, Betty Blocks adopts adequate data transfer mechanisms to ensure that data remains protected by relevant regulations.

Betty Blocks has appointed a Data Protection Officer (DPO) responsible for overseeing data protection practices, ensuring compliance with regulations, and addressing privacy-related concerns.

Betty Blocks empowers its users to exercise their rights under data protection laws, including the right to access, rectify, and delete their data. Requests related to data access and privacy are handled promptly and securely.

Organizations can rest assured that their data is secure and governance measures are in place to provide transparency and accountability.

We guarantee security against external access and internal permissions. Our governance features will protect against unauthorized usage. You can give users different roles and permissions, ensuring they only use the data and LLM approved for their needs.

Vector database stores data in Vectors. This enables the database to excel at performing similarity searches. The Vector database is a shared database; every customer gets its own index to store data. Apps can also get their own Index. The data inside a Vector Database is as secure as those inside our SQL databases; your data cannot be accessed by other users of our platform.

Within the Betty Blocks platform, users can choose three levels of security. Externally hosted by a provider of choice, where security depends on the hosting party; Hosted by Betty Blocks in a secure and controlled cloud environment on Azure or hosted on-premises, providing the most secure environment for private data.

Data integrity and availability are critical for Betty Blocks and its users. To safeguard against data loss and ensure seamless business continuity, Betty Blocks implements robust backup and recovery practices.

Automated backup and recovery tests are conducted daily to validate the integrity and effectiveness of data backups. These tests verify that data can be reliably restored, ensuring minimal data loss in the event of a disaster.

Betty Blocks has implemented a direct notification system to alert the Chief Information Security Officer (CISO) immediately upon the success or failure of backup and recovery tests. This ensures that any potential issues are promptly addressed and resolved.

Betty Blocks maintains redundant systems and disaster recovery sites to ensure data redundancy and continued operations in the event of a primary site failure. This approach enhances platform resilience and minimizes downtime.

Data integrity is continuously monitored to identify any anomalies that may indicate data corruption or unauthorized changes. Early detection allows for rapid remediation and ensures data consistency.

Betty Blocks employs version control and data archiving mechanisms to retain historical data versions, facilitating data restoration to specific points in time if required.

To validate our dedication to information security and privacy, we have pursued rigorous security certifications and compliance with industry-leading standards.

The ISO 27001:2017 certification is a testament to Betty Blocks's dedication to implementing rigorous security measures and adhering to a systematic approach to managing information security risks. This certification assures users that Betty Blocks complies with the highest industry standards for safeguarding data and maintaining the confidentiality, integrity, and availability of information.

Building upon its ISO 27001 certification, Betty Blocks has designed a comprehensive control framework aligned with the SOC2 (Service Organization Control 2) Trust Services Criteria (TSC). The SOC2 TSC framework assesses the security, availability, processing integrity, confidentiality, and privacy of services provided by Betty Blocks.

To maintain the highest standard of security, Betty Blocks conducts regular security audits and assessments.

Betty Blocks has meticulously crafted its SOC2 TSC compliance control framework, aligning with industry best practices and regulatory requirements. This framework encompasses a comprehensive set of controls that are designed to protect user data, monitor system availability, and maintain confidentiality throughout all aspects of its platform.

The SOC2 TSC compliance control framework audit will be conducted by an independent third-party security firm to provide an impartial and objective evaluation of Betty Blocks's security measures. This rigorous assessment will validate the effectiveness of Betty Blocks's security controls and practices.

Betty Blocks performs internal security audits to evaluate its platform's security controls, processes, and configurations. These audits help identify areas for improvement and ensure ongoing compliance with security standards.

Betty Blocks engages reputable third-party security firms to conduct independent assessments of the platform. These assessments provide an unbiased evaluation of Betty Blocks's security measures and validate its commitment to security.

Betty Blocks actively trains its developers to be vigilant against the OWASP Top 10 vulnerabilities and actively scans (where possible) its codebase to prevent these most common errors from being made. Other questions and answers in this document will also overlap with OWASP security risks.

Betty Blocks’ public cloud platform is hosted on the Microsoft Azure infrastructure. Azure DDoS Protection protects Azure resources from distributed denial of service (DDoS) attacks with always-on monitoring and automatic network attack mitigation. Azure includes DDoS protection for all its services and is considered industry-leading.

This document is for general information purposes only. This is compiled with due care; however, this document is provided ‘as is’ with no guarantee of completeness, accuracy, reliability, fitness for a particular purpose, or usefulness with respect to its content. Reliance on this document is strictly at your own risk, Betty Blocks will in no event be liable for any decisions made or actions taken in reliance on the information of this document nor for any damage.

Betty Blocks © Copyright 2023. All rights reserved.