Beebole Prioritizes Customer Data and Security with BugcrowdDownload Case StudyAbout BeeboleBeebole is an employee time tracking SaaS solution for organizations of all sizes. With Beebole, businesses can efficiently measure the time spent on clients, projects, and tasks. They can also control budgets, costs, leaves of absence, timesheet approvals, and more with a simple dashboard and fully configurable reports.Background InformationCompanies from more than 60 countries, spanning all types of industries and sizes, rely on Beebole for their time tracking and project management needs. Beebole chose Bugcrowd’s penetration testing as-a-service to identify potential vulnerabilities in its application. For the Beebole platform to effectively track employee time, calculate budgets, and manage project profitability, Beebole must store important, sensitive employee data. Beebole has never taken this task lightly for three reasons:There is a moral obligation to do the right thing and protect people’s data.Of course, there is a legal obligation to abide by the contracts that clients sign.Last but not least, there is a question of brand reputation. Beebole’s success relies on preserving its clients’ trust.Data security and protection for Beebole involves a series of processes and practices that are embodied and executed on a daily basis. As part of these practices, Bugcrowd’s penetration testing services assure Beebole that its security processes and practices are effective.Industry TechnologyBugcrowd Product Bugcrowd Pen Testing as-a-ServiceChallenge Beebole needs to ensure sensitive employee data within its time tracking SaaS platform is protected against security vulnerabilitiesOutcomesLeveraged more agile and creative security researchers to find potential vulnerabilitiesImproved security efficiency by fixing and checking all pinpointed issues within the same pen testBugcrowd pen testing gives me, my team, and our clients complete peace of mind that BeeBole is up and running securelyYves Hiernaux, CEO, BeeboleBeebole’s day-to-day approach to dataWhen it comes to managing sensitive data, Beebole implements:Access controls: Choosing to work with Linode (Equinix) was no fluke; Beebole chose arguably the safest server in the world for a reason.Authentication: There’s a clear record of who has access to what data and when.Backups & recovery: In the case of data corruption, failure, or some other unexpected disaster, there’s a recovery plan in place with backed-up data.Data resiliency: This protection ties into backups and recovery, but data resiliency is key to making sure that if there is some sort of failure, that the data can be brought back accurately.Data encryption: Ensuring that the data is not accessible to outside sources.Other important policies in actionHere are a few more policies that help keep Beebole’s data secure:Confidentiality: Data is accessed only by authorized users with proper credentials.Integrity: Data is stored in a reliable, accurate environment, and it’s not subject to unwarranted or unapproved changes.Availability: Data is readily—and safely—accessible for online business needs.Other important policies in actionHere are a few more policies that help keep Beebole’s data secure:Real-time alerts: From firewall and Linode notifications, to alerts when there is a significant number of errors in the app, Beebole is notified in real-time whenever a potential issue arises.Data risk assessment: Beebole knows where all data resides at all times, knows whether or not it’s sensitive, understands who has access (and if they should), and reviews permissions and access levels at all times.Data minimization: There is such a thing as too much data, which is why Beebole minimizes the amount of data collected and stored by asking one simple question: Do we really need this data? If not, it’s purged.A new policy: Pentesting with BugcrowdBeebole decided to widen its security testing capabilities by leveraging Bugcrowd’s pen testing-as-a-service offerings. Adding an external security assessment to its broad list of data security policies allows for an even deeper peace of mind, both for Beebole and for their varied customer base.For Beebole, getting the stamp of approval from Bugcrowd not only proved that the security processes, capabilities and systems put in place are working, but it’s proof for Beebole’s customers, too: Beebole cares about data security, and they’ve got the pen tests to back it up.So, why Bugcrowd?Beebole wanted to work with the best of breed, and Bugcrowd is the leader in the cyber security world specializing in penetration tests, VDPs, and bug bounty programs, among others.Bugcrowd security researchers are extremely agile and creative in their work; instead of spending a finite amount of time on testing and checking off a standard check-list, they think outside the box to find potential holes or security issues throughout a span of three weeks.They work fast and efficiently; issues that are pinpointed are fixed and checked all within the same pen test.Bugcrowd delivers what was promised, and then some. Apart from providing a technical summary, which is great for Beebole to share with IT professionals, they also provide an executive summary for a more digestible version of the work they do.