Beebole Prioritizes Customer Data and Security with Bugcrowd

About Beebole

Beebole is an employee time tracking SaaS solution for organizations of all sizes. With Beebole, businesses can efficiently measure the time spent on clients, projects, and tasks. They can also control budgets, costs, leaves of absence, timesheet approvals, and more with a simple dashboard and fully configurable reports.

Background Information

Companies from more than 60 countries, spanning all types of industries and sizes, rely on Beebole for their time tracking and project management needs. Beebole chose Bugcrowd’s penetration testing as-a-service to identify potential vulnerabilities in its application. For the Beebole platform to effectively track employee time, calculate budgets, and manage project profitability, Beebole must store important, sensitive employee data. Beebole has never taken this task lightly for three reasons:

  • There is a moral obligation to do the right thing and protect people’s data.
  • Of course, there is a legal obligation to abide by the contracts that clients sign.
  • Last but not least, there is a question of brand reputation. Beebole’s success relies on preserving its clients’ trust.

Data security and protection for Beebole involves a series of processes and practices that are embodied and executed on a daily basis. As part of these practices, Bugcrowd’s penetration testing services assure Beebole that its security processes and practices are effective.

Bugcrowd pen testing gives me, my team, and our clients complete peace of mind that Beebole is up and running securely.

Yves Hiernaux, CEO, Beebole

Beebole’s day-to-day approach to data

When it comes to managing sensitive data, Beebole implements:

  • Access controls: Choosing to work with Linode (Equinix) was no fluke; Beebole chose arguably the safest server in the world for a reason.
  • Authentication: There’s a clear record of who has access to what data and when.
  • Backups & recovery: In the case of data corruption, failure, or some other unexpected disaster, there’s a recovery plan in place with backed-up data.
  • Data resiliency: This protection ties into backups and recovery, but data resiliency is key to making sure that, if there is some sort of failure, the data can be brought back accurately.
  • Data encryption: Ensuring that the data is not accessible to outside sources.

Other important policies in action

Here are a few more policies that help keep Beebole’s data secure:

  • Confidentiality: Data is accessed only by authorized users with proper credentials.
  • Integrity: Data is stored in a reliable, accurate environment, and it’s not subject to unwarranted or unapproved changes.
  • Availability: Data is readily—and safely—accessible for online business needs.

  • Real-time alerts: From firewall and Linode notifications to alerts when there is a significant number of errors in the app, Beebole is notified in real time whenever a potential issue arises.
  • Data risk assessment: Beebole knows where all data resides at all times, knows whether or not it’s sensitive, understands who has access (and if they should), and reviews permissions and access levels at all times.
  • Data minimization: There is such a thing as too much data, which is why Beebole minimizes the amount of data collected and stored by asking one simple question: Do we really need this data? If not, it’s purged.

A new policy: Pentesting with Bugcrowd

Beebole decided to widen its security testing capabilities by leveraging Bugcrowd’s pen testing-as-a-service offerings. Adding an external security assessment to its broad list of data security policies allows for an even deeper peace of mind, both for Beebole and for their varied customer base.

For Beebole, getting the stamp of approval from Bugcrowd not only proved that the security processes, capabilities, and systems put in place are working; it is also proof for Beebole’s customers that Beebole cares about data security and has the pen tests to back it up.

So, why Bugcrowd?

  • Beebole wanted to work with the best of breed, and Bugcrowd is the leader in the cyber security world specializing in penetration tests, VDPs, and bug bounty programs, among others.
  • Bugcrowd security researchers are extremely agile and creative in their work; instead of spending a finite amount of time on testing and checking off a standard checklist, they think outside the box to find potential holes or security issues throughout a span of three weeks.
  • They work fast and efficiently; issues that are pinpointed are fixed and checked all within the same pen test.
  • Bugcrowd delivers what was promised, and then some. Apart from providing a technical summary, which is great for Beebole to share with IT professionals, they also provide an executive summary for a more digestible version of the work they do.
