No matter where you live, leaving the house without locking your door leaves you feeling anxious. Now, when it comes to software platforms, you don’t always get to choose how (or even if) your data is locked away securely. Today, we’re going to pull back the curtain on what our no-code platform does to protect your organization’s deepest darkest secrets data.
Before getting into specifics, in September 2017, Betty Blocks became the very first no-code platform to obtain ISO 27001 certification. Every year we go through audits to ensure our customers are guaranteed to be protected. Humblebrag over, let’s dive into 5 ways your data is protected by our platform.
Industry-standard practises might be a boring place to start but they’re still a really important factor for overall data security. As any father figure or gym teacher might say: You must learn to walk before you can run. You can think these as the ‘walking’ features you’ll have access to in Betty Blocks:
Multi-factor authentication:
Love it or hate it, 2-factor authentication alone can prevent account theft or data breaches if your login details are stolen. There are dozens of login tools out there, in our case that is FusionAuth because of its more modern offerings compared to our previous tool.
Encryption
Through its cloud architecture, Betty Blocks natively encrypts all data stored within the platform. If you watched any ‘hacker-man’ type movies in the 90s then you’ll know encryption keeps information a scrambled mess until a specific code is transmitted.
Change logs
Maybe not relevant for everyone but an accurate record of ‘who done it’ is invaluable for system administrators. Close logs are kept on activities within your platform that can give indications of where faults accrued or alert you to suspicious happenings.
Administrator roles
Company administrators are IT professionals who govern and support the activities of users within the platform. A company admin can assign access rights and building permissions to specific users or groups. It is possible to identify multiple company admins within your organization.
Controlling exactly who in your organization can access, edit, or build using your data is just as important as preventing external parties from getting their hands on it. Whether you are active in the law industry or in an NGO. Access rights are important! Obviously, you trust Bryan in finance but he shouldn’t be scrolling through HR databases. Advanced user rights, roles, and permissions are the most effective way to protect your organization from people like Bryan.
Secured by default
There are 2 ways to do permissions in our eyes: accessible by default or secured by default. Others may call this whitelisting vs. blacklisting. In Betty Blocks, every new module, block, or data model can only be accessed by those with the relevant permissions.
Exceptions to that list must be added retroactively. It’s a decision that can cost a few extra minutes but potentially saves hundreds of hours if it hadn’t been in place to begin with.
User roles
Within Betty Blocks, only authorized users can access or modify data. A user’s role is directly tied to the user’s rights and restrictions in relation to the end-user’s data. This built-in authorization process defines if a user can create, read, update, delete, import, or export information.
Identity management (governance center)
Your whole organization can be controlled by the My Betty Blocks portal. Here, administrators and managers can verify which users are active within the system, which user roles they have been assigned, in which applications they are working, and what changes they have applied within the development environment.
Things happen; buttons get clicked and weeks of work can disappear in an instant (thanks, Bryan). Never fear though because, in Betty Blocks, accidents aren’t the end of the world.
Rollback system
Probably the most simple solution to any accidents is to simply undo it. To make proper use of rollbacks, developers should keep in mind that saving multiple rollback points will always be safer than having one or two.
Branching (versioning)
With multiple developers able to work simultaneously in the platform, ensuring work doesn’t get overwritten is important. To prevent issues, the system automatically checks for conflicts in both changes and allows developers to select whether or not to overwrite any conflicting modules. This check is also performed when merging changes between sandboxes.
Last but not least, we couldn’t say that our no-code platform is completely safe without really putting it to the test. There are plenty of independent companies around that use ethical methods to try to find weaknesses in systems. Betty Blocks takes part in multiple tests per year plus regularly investigates known threats in the industry.
Security tests
Penetration tests are performed on the platform on a monthly basis by leading IT security firm BDO. These tests are based on the Open Source Security Testing Methodology Manual (OSSTMM), Information Systems Security Assessment Framework (ISSAF), and the Open Web Application Security Project (OWASP).
Compliance to OWASP Top 10
The Open Web Application Security Project (OWASP) is a non-profit organization that annually compiles a list of the top 10 security flaws within IT infrastructures. Betty Blocks complies with all the vulnerabilities threats mentioned on this list.
As you can see, Betty Blocks has got your back when it comes to information security. This isn’t a 100% complete list, partly because this article is already quite long but also to ensure some of our methods are kept secret.
If you’re curious about anything mentioned above or want to see a particular security feature in action then please feel free to reach out to arrange a personalized demo based on any questions you may have.
This article will self-destruct in 5… 4… 3… 2… 1!