How the security of your data empowers the success of your program


Table of contents

— Introduction
— State of the art data centers
— GDPR compliance
— Continuous operations
— Annual audits and examinations
— Annual SSAE 18 / ISAE 3402 audit processes
— Cloudflare
— Security and encryption protocols
— Gartner as Magic Quadrant Leaders
— Experienced, dedicated, award-winning teams
— Conclusion
— About Beeline

Not all extended workforce management solutions are equally secure. Beeline’s Extended Workforce Platform is built on the Beeline Private Cloud and Microsoft Azure Cloud Platform as a Service (PaaS) offering. Our Hybrid Cloud security is built around the Zero Trust model, where the principles of least privilege and micro-segmentation are applied for maximum data security.


Beeline Extended Workforce Platform architecture is designed with the following principles:

— Each client’s data is logically segregated

— Strong data encryption at rest and in transit

— Principle of Least Privilege and Zero Trust

— Top-tier load balancers, switches, and firewalls

— Best-of-breed tools and technologies

— Regular audits, examinations, and international certification


“According to the Cloud Security Alliance (CSA), data breaches are a top concern for SaaS, particularly in light of very public data breaches. Some security checks can be simplified by checking whether your SaaS partner adheres to the latest standards.”

Forrester

State of the art data centers

Beeline has four private cloud data centers spanning two continents. In addition to data centers in Jacksonville, Florida and Aurora, Colorado, Beeline employs two European data centers located in Frankfurt and Dusseldorf, Germany. Our microservices are hosted in redundant Microsoft Azure data centers in the Central and South-Central US Regions and in Germany’s North and West Central Regions.

At Beeline, we know that many European companies have concerns about liability and confidentiality issues, sensitive company and personal information, as well as data security. These companies gain confidence knowing that Beeline is a trusted Software-as-a-Service (SaaS) solution provider that can host their data within Europe, closer to their operations and covered by European data protection and privacy laws.


GDPR compliance

Beeline has taken all necessary steps to be compliant with the GDPR, including rewriting policies, appointing a Data Privacy Officer, setting up a process to handle complaints or concerns about the way in which personal data is being used, assigning an ADR, and creating a data breach response to comply with the reporting requirements and timelines.

Beeline also understands that one of the most difficult aspects of the GDPR law to comply with is the right to be forgotten. We have taken strides to ensure that we can provide the capability for all our customers to enact this right through our extended workforce platform. Beeline continues to monitor the implementation of the GDPR and make changes as necessary.

Continuous operations

Beeline has Business Continuity and Disaster Recovery Plans in place to ensure that our clients’ data will be secure, and their programs will not be seriously disrupted in the event of natural or other disasters. Our backup policy meets contractual requirements and industry standards, and we have standard Recovery Point and Recovery Time Objectives in place with every client.

In a recent survey, clients were asked how they felt about Beeline’s data security. One client from a Fortune 500 insurance company responded, “We haven’t had any problems. The way they are segregating the data of different customers, and also the fact that they have a very well-defined business continuity plan – in case of a disaster, they can be up and running very quickly. Those things make me score them very high in the area of data security.”

Successful completion of annual audits and examinations

With global clients in diverse industries, Beeline participates in annual client security audits and on-site visits to satisfy our clients’ needs for vendor oversight. Beeline undergoes annual SSAE 18/ISAE-3402 Type II SOC 1 and 2 and ISO 27001/2/17/18 audits, conducted by independent third parties. Beeline has successfully completed SOC 1 and SOC 2 examinations performed by BrightLine CPAs & Associates, Inc. These Service Organization Control (SOC) examinations are standards established by the American Institute of Certified Public Accountants (AICPA).

SOC examinations allow Beeline to provide our customers with detailed information regarding the system and controls that impact internal controls in financial reporting, and allow Beeline to ensure that policies, processes, and procedures are in place to protect customer system resources and information designated as confidential.

ISO CERTIFICATION

— ISO/IEC 27001:2013 – Information security management systems requirements

— ISO/IEC 27017:2015 – Code of practice for information security controls based on ISO/IEC 27002 for cloud services

— ISO/IEC 27018:2019 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS).


Adherence to annual SSAE 18 / ISAE 3402 audit processes

Beeline adheres to rigorous, year-round Standards for Attestation Engagements (SSAE 18) and International Standard on Assurance Engagements (ISAE 3402) audit processes, offering a full-year auditing window to ensure our clients’ audits have full coverage.

Standards for Attestation Engagements (SSAE 18)

International Standard on Assurance Engagements (ISAE 3402)

Both SSAE 18 and ISAE 3402 engagements allow Beeline to have its control policies and procedures evaluated and tested by an independent party. This process often results in the identification of opportunities for improvements in many operational areas.

How these examinations benefit Beeline’s customers:

— Ensures that all customers and their auditors have access to the same information, in many cases satisfying the user auditor’s requirements

— Provides customers with valuable information regarding Beeline’s controls and the effectiveness of those controls

— Provides customers with a detailed description of Beeline’s controls and an independent assessment of whether the controls were placed in operation, suitably designed, and operating effectively

— Allows customers to provide a Service Auditor’s Report to their auditors

Cloudflare

Beeline uses Cloudflare – a premier Internet content delivery network that provides web application acceleration to all corners of the earth while ensuring security, reliability, and integrity of data across its global network. If Cloudflare should ever go offline, traffic would redirect to the Beeline network and route the data through Beeline data centers.

Data centers only offer physical protection of data. To better address all aspects of security, Beeline implemented additional layers of protection by deploying Cloudflare’s security services to block attacks. Cloudflare detects and deflects threats in HTTP and HTTPS traffic before they ever reach the customer.

“Security is a concern for everyone, and this solution allows us to respond quickly to vulnerabilities and ‘zero-day threats’ on a 24/7 basis.”
– Allen Rittscher, Beeline Chief Information Security Officer

Security and encryption protocols

Encryption at Rest and in Transit

Beeline Extended Workforce Platform uses the AES-256 encryption standard. The implemented encryption standards meet or exceed FIPS 140-2 requirements.

The Beeline platform utilizes whole disk encryption for data storage and additionally encrypts PII fields in the database using the AES-256 encryption standard.

All data in transit uses Transport Layer Security. The Beeline platform leverages respected Certificate Authority providers to create our public certificates, which are always created with a minimum of 2,048-bit private keys.

We minimize clients’ risk of exposure to the latest threats and vulnerabilities.

Beeline technology partners recognized by Gartner as Magic Quadrant Leaders

Despite dynamically changing environments and attacks, Beeline leverages industry-leading technologies for automatic provisioning, tuning, and enforcement of security policies and rules across control points—without manual intervention. In fact, Gartner recognizes some of Beeline’s technology partners as Magic Quadrant Leaders:

Juniper Networks® JSA Series Secure Analytics

Beeline’s intrusion prevention partner, Juniper, not only helps to detect and prevent breaches, but also provides holistic analytics. The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities, enables organizations to quickly and easily implement a corporate-wide security management program that delivers security best practices.

Award-Winning Application Testing Partner

Beeline’s code vulnerability testing partner, Veracode, has been recognized by Gartner as a market leader in Application Security Testing in the “Magic Quadrant Report for Endpoint Protection Platforms.” According to the Gartner report, “Veracode is an established provider; their binaries and libraries are a key element of the application to be tested.” Beeline uses Veracode for testing each iteration prior to production.

Experienced, dedicated, award-winning teams

A dedicated information security and privacy team stays on top of continuously evolving industry best practices and implements those into the Beeline technology.

Robust identity management ensures the right people have access to the right information at the right time.

Conclusion:

If your organization is looking for an extended workforce solution partner, there are many important characteristics to consider. Perhaps most importantly, it is imperative to understand how a technology partner will ensure that your data is secure.

Consider data security as an important differentiator when making a decision for your extended workforce management needs and ask these important questions when shopping around:

Where are your data centers located?

Do you have contingency plans in place for business continuity and disaster recovery? Where is your disaster recovery site, and how is it staffed?

Has your organization successfully completed SOC 1 and SOC 2 examinations?

Does your organization adhere to rigorous, annual SSAE 18 and ISAE 3402 audit processes?

Is your system ISO 27001 certified?

What technology do you use to deliver Internet content?

How does your organization defend against DDoS, web applications, and direct-to-origin attacks?

Do you have any solutions that mitigate attacks on DNS infrastructure?

Does your organization offer encryption options for high-speed storage systems?

Are your technology partners recognized by Gartner as Magic Quadrant Leaders?

How does your information security and privacy team stay on top of continuously evolving industry best practices?

Don’t hesitate to compare how different providers measure up. A data breach can cripple your business and destroy the trust you have worked so hard to build with your staff, customers, and suppliers. Let’s face it—the challenges for organizations are considerable. Between the many things that can go wrong, the countless components for securing data and the increase in data breaches, you owe it to yourself to do everything you can to protect your information. If you are looking for the right extended workforce platform partner to support your business, we invite you to take a close look at Beeline.

Beeline customers are some of the largest companies in the world, and we know that auditors hold them to a high standard. In turn, we know that our customers hold us to high standards for data security and reliable technology services.

In a world where technology is progressing and becoming more sophisticated, we recognize the need to implement the fail-safe measures that our procurement, sourcing, and human resources customers deserve.

THE LEADER IN WORKFORCE SOLUTIONS.

Beeline pioneered the world’s first extended workforce platform to solve the complexities of managing the modern workforce. With a data set encompassing more than 30 million workers and over $700 billion in talent spend spanning more than 20 years, its intelligence-driven platform transforms how businesses engage, manage, and optimize external talent across more than 120 countries.

Enterprises benefit from our unmatched experience and innovation, deeply seasoned experts, and industry-leading partner network to connect them to the remarkable talent within the global extended workforce.

To learn more, visit beeline.com.

© 06232022
Beeline
