FAQ: Security & Governance

Betty Blocks security measurements & more

In the interconnected digital landscape, where applications have become the backbone of modern business operations and personal activities, security is the cornerstone of trust and reliability. By taking security into account during every phase of application development, Betty Blocks ensures that its users can confidently build, deploy, and use applications without compromising on data confidentiality, integrity, and availability. In this document, you’ll learn how Betty Blocks ensures security for the most asked-about security concerns.


Access controls and authentication mechanisms

Ensuring that only authorized users can access and modify data within the Betty Blocks platform is of utmost importance. To achieve this, Betty Blocks employs robust access controls and authentication mechanisms.

OAuth and single sign-on (SSO)

Betty Blocks integrates industry-standard OAuth and SSO protocols, enabling users to securely authenticate and access the platform using their existing credentials from trusted identity providers.

Role-based access controls

The Betty Blocks platform implements RBAC, allowing administrators to define granular access levels for different user roles. This ensures that users can only access data and perform actions relevant to their roles and responsibilities.

Multi-factor authentication (MFA)

To strengthen user authentication, Betty Blocks offers MFA as an additional layer of security. Users are required to provide multiple forms of identification, such as passwords and one-time verification codes, reducing the risk of unauthorized access due to compromised credentials.

Token-based authentication

The Data API authenticates requests with tokens. An access token grants access to certain data, based on the roles and permissions configured in your application. A refresh token is used to request a new access token once the current one expires. The default lifetimes of both tokens can be overwritten in the authentication profile settings to extend them.
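To make the access/refresh mechanism concrete, the following is an added, self-contained simulation written for this page; it is not Betty Blocks code, and the issuer, client, endpoint names and token format are constructed stand-ins rather than the Data API's real interface. Both sides of the exchange are modelled: an issuer that mints opaque tokens with separate access and refresh lifetimes (the two values an authentication profile lets you override), and a client that retries with its refresh token only when the access token has lapsed. The clock is passed in explicitly so the expiry behaviour can be walked through deterministically.

```python
"""Constructed access/refresh token simulation (not the Betty Blocks Data API)."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenRecord:
    """What the issuer remembers about an opaque token it handed out."""
    subject: str
    roles: frozenset
    expires_at: float


class TokenIssuer:
    """Server side stand-in for an authentication profile.

    access_ttl / refresh_ttl play the role of the two lifetimes the page says
    can be overridden; the defaults here are assumed placeholder values.
    A longer access lifetime means fewer refreshes, but also a longer window
    in which a leaked access token keeps working.
    """

    def __init__(self, access_ttl: float = 3600, refresh_ttl: float = 86400):
        self.access_ttl = access_ttl
        self.refresh_ttl = refresh_ttl
        self._access: dict[str, TokenRecord] = {}
        self._refresh: dict[str, TokenRecord] = {}

    def issue(self, subject: str, roles, now: float) -> tuple[str, str]:
        """Mint a fresh access/refresh pair bound to the subject's roles."""
        access = secrets.token_urlsafe(32)
        refresh = secrets.token_urlsafe(32)
        self._access[access] = TokenRecord(subject, frozenset(roles), now + self.access_ttl)
        self._refresh[refresh] = TokenRecord(subject, frozenset(roles), now + self.refresh_ttl)
        return access, refresh

    def is_live(self, access_token: str, now: float) -> bool:
        rec = self._access.get(access_token)
        return rec is not None and now < rec.expires_at

    def authorize(self, access_token: str, required_role: str, now: float) -> bool:
        """Accept a request only if the access token is live and carries the role."""
        rec = self._access.get(access_token)
        if rec is None or now >= rec.expires_at:
            return False
        return required_role in rec.roles

    def refresh(self, refresh_token: str, now: float) -> tuple[str, str]:
        """Exchange a live refresh token for a new pair; the old one is consumed."""
        rec = self._refresh.pop(refresh_token, None)
        if rec is None or now >= rec.expires_at:
            raise PermissionError("refresh token unknown, already used, or expired")
        return self.issue(rec.subject, rec.roles, now)


class DataApiClient:
    """Client side: keeps the current pair and renews only when access has lapsed."""

    def __init__(self, issuer: TokenIssuer, access: str, refresh: str):
        self.issuer = issuer
        self.access = access
        self.refresh = refresh
        self.refreshes = 0  # how often the refresh token had to be used

    def query(self, required_role: str, now: float) -> bool:
        if not self.issuer.is_live(self.access, now):
            try:
                self.access, self.refresh = self.issuer.refresh(self.refresh, now)
            except PermissionError:
                return False  # refresh token gone too: the user must log in again
            self.refreshes += 1
        # A live token with the wrong role is refused without a refresh attempt.
        return self.issuer.authorize(self.access, required_role, now)


def simulate_session(access_ttl: float = 60, refresh_ttl: float = 600) -> dict:
    """Walk one session through expiry and renewal on a constructed clock."""
    issuer = TokenIssuer(access_ttl, refresh_ttl)
    access, refresh = issuer.issue("alice", {"editor"}, now=0)
    client = DataApiClient(issuer, access, refresh)
    return {
        "fresh_ok": client.query("editor", now=10),
        "wrong_role": client.query("admin", now=10),
        "after_access_expiry": client.query("editor", now=access_ttl + 1),
        "refreshes_used": client.refreshes,
        "after_refresh_expiry": client.query("editor", now=access_ttl + refresh_ttl + 5),
    }


if __name__ == "__main__":
    for step, outcome in simulate_session().items():
        print(f"{step}: {outcome}")
```

The refresh token is consumed on use, so a replayed refresh token is rejected; combined with a short access lifetime, that keeps the damage from a single leaked token bounded, which is the trade-off to weigh before extending the defaults.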


Data security

Data encryption serves as a fundamental pillar of data security within the Betty Blocks platform. By encrypting sensitive data, Betty Blocks ensures that information remains confidential and protected from unauthorized access. The platform implements robust encryption protocols throughout the data lifecycle, encompassing data at rest and data in transit.

Separated databases

Every Betty Blocks application consists of two separate databases. The first database contains all information about the application itself (i.e. the configuration). The other contains all the actual information that resides within the application. The structure of the second database is created based on the configuration present in the first. Databases are never shared between applications.

Data at Rest encryption

Betty Blocks employs industry-standard encryption algorithms to protect data stored within its databases and file systems. This ensures that even if an unauthorized party gains access to the underlying storage, the data remains encrypted and unintelligible without the decryption keys.

Data in transit encryption

To safeguard data while it travels between the Betty Blocks platform and users' devices, all communications are secured using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. These encryption methods establish secure connections, preventing eavesdropping and tampering during data transmission.

Key management and access control

Betty Blocks strictly controls access to encryption keys to prevent unauthorized decryption of data. Key management practices ensure that keys are securely generated, stored, and rotated regularly to enhance the overall security posture of the platform.

Data transfer mechanisms

When transferring data across international borders, Betty Blocks adopts adequate data transfer mechanisms to ensure that data remains protected by relevant regulations.

Data Protection Officer (DPO)

Betty Blocks has appointed a Data Protection Officer (DPO) responsible for overseeing data protection practices, ensuring compliance with regulations, and addressing privacy-related concerns.

User rights and data access

Betty Blocks empowers its users to exercise their rights under data protection laws, including the right to access, rectify, and delete their data. Requests related to data access and privacy are handled promptly and securely.


AI data security

Organizations can rest assured that their data is secure and governance measures are in place to provide transparency and accountability.

Governance

We guarantee security against external access and enforce internal permissions. Our governance features protect against unauthorized usage: you can give users different roles and permissions, ensuring they only use the data and the LLM approved for their needs.

Vector database

A vector database stores data as vectors, which lets it excel at similarity searches. The vector database is a shared database, but every customer gets its own index to store data in, and individual apps can also get their own index. Data inside the vector database is as secure as data inside our SQL databases: it cannot be accessed by other users of our platform.

LLM hosting

Within the Betty Blocks platform, users can choose between three levels of security for LLM hosting: externally hosted by a provider of choice, where security depends on the hosting party; hosted by Betty Blocks in a secure and controlled cloud environment on Azure; or hosted on-premises, which provides the most secure environment for private data.


Backup and recovery practices

Data integrity and availability are critical for Betty Blocks and its users. To safeguard against data loss and ensure seamless business continuity, Betty Blocks implements robust backup and recovery practices.

Daily backup and recovery tests

Automated backup and recovery tests are conducted daily to validate the integrity and effectiveness of data backups. These tests verify that data can be reliably restored, ensuring minimal data loss in the event of a disaster.

Direct notification to CISO

Betty Blocks has implemented a direct notification system to alert the Chief Information Security Officer (CISO) immediately upon the success or failure of backup and recovery tests. This ensures that any potential issues are promptly addressed and resolved.

Redundancy and disaster recovery sites

Betty Blocks maintains redundant systems and disaster recovery sites to ensure data redundancy and continued operations in the event of a primary site failure. This approach enhances platform resilience and minimizes downtime.

Continuous data monitoring

Data integrity is continuously monitored to identify any anomalies that may indicate data corruption or unauthorized changes. Early detection allows for rapid remediation and ensures data consistency.

Version control and data archiving

Betty Blocks employs version control and data archiving mechanisms to retain historical data versions, facilitating data restoration to specific points in time if required.


Compliance measurements and certifications

To validate our dedication to information security and privacy, we have pursued rigorous security certifications and compliance with industry-leading standards.

ISO 27001:2017 certification

The ISO 27001:2017 certification is a testament to Betty Blocks's dedication to implementing rigorous security measures and adhering to a systematic approach to managing information security risks. This certification assures users that Betty Blocks complies with the highest industry standards for safeguarding data and maintaining the confidentiality, integrity, and availability of information.

SOC2-type service and trust principles

Building upon its ISO 27001 certification, Betty Blocks has designed a comprehensive control framework aligned with the SOC2 (Service Organization Control 2) Trust Services Criteria (TSC). The SOC2 TSC framework assesses the security, availability, processing integrity, confidentiality, and privacy of services provided by Betty Blocks.


Ongoing and regular security audits and assessments

To maintain the highest standard of security, Betty Blocks conducts regular security audits and assessments.

SOC2 TSC compliance control framework

Betty Blocks has meticulously crafted its SOC2 TSC compliance control framework, aligning with industry best practices and regulatory requirements. This framework encompasses a comprehensive set of controls that are designed to protect user data, monitor system availability, and maintain confidentiality throughout all aspects of its platform.

Independent third-party audit (coming soon)

The SOC2 TSC compliance control framework audit will be conducted by an independent third-party security firm to provide an impartial and objective evaluation of Betty Blocks's security measures. This rigorous assessment will validate the effectiveness of Betty Blocks's security controls and practices.

Internal security audits

Betty Blocks performs internal security audits to evaluate its platform's security controls, processes, and configurations. These audits help identify areas for improvement and ensure ongoing compliance with security standards.

Third-party security assessments

Betty Blocks engages reputable third-party security firms to conduct independent assessments of the platform. These assessments provide an unbiased evaluation of Betty Blocks's security measures and validate its commitment to security.


OWASP low-code/no-code Top 10

Betty Blocks actively trains its developers to be vigilant against the OWASP Top 10 vulnerabilities and actively scans (where possible) its codebase to prevent these most common errors from being made. Other questions and answers in this document will also overlap with OWASP security risks.


DDoS protection

Betty Blocks’ public cloud platform is hosted on the Microsoft Azure infrastructure. Azure DDoS Protection protects Azure resources from distributed denial of service (DDoS) attacks with always-on monitoring and automatic network attack mitigation. Azure includes DDoS protection for all its services and is considered industry-leading.

This document is for general information purposes only. It is compiled with due care; however, this document is provided ‘as is’ with no guarantee of completeness, accuracy, reliability, fitness for a particular purpose, or usefulness with respect to its content. Reliance on this document is strictly at your own risk; Betty Blocks will in no event be liable for any decisions made or actions taken in reliance on the information in this document, nor for any damage.


Betty Blocks © Copyright 2023. All rights reserved.