Data observability that's security-first
Bigeye is built to industry-leading security standards. We follow enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.
Secure by design
Bigeye provides data protection guarantees for customers in regulated industries like financial services, education, social media, and more.
SOC2 Type II
Encryption
PenTests
Anonymization
Read Only
Uptime SLAs
Details
Access controls
Secure Sign In via Okta is available for Bigeye Enterprise customers. Google Workspace support is coming soon.
Bigeye connects to your data with read-only service accounts on your data sources. Bigeye will only see data that the service account has access to, giving you total control over what data can be monitored. Only administrator-level users can add, edit, and delete connections to your data sources.
Restrict user access to sensitive datasets and control who can edit and manage Bigeye monitoring on different data sources.
Architecture
Bigeye connects to data sources using read-only accounts via JDBC. Credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.
All data is encrypted with AES-256 at rest, and all network traffic to your team’s browsers goes over HTTPS.
Bigeye collects only aggregated statistics about your data to perform monitoring and anomaly detection. Some features used for root cause analysis fetch row-level data from your sources; this data is held only in non-durable memory and is never persisted. These features may be disabled entirely, if required.
Bigeye can peer directly with your AWS Virtual Private Cloud, avoiding traffic out to the internet. PrivateLink for AWS is available as part of Bigeye Enterprise.
Customers can choose between agent and agentless deployment models. The agent model satisfies additional security requirements, including eliminating the need for Bigeye to make inbound connections into your network.
Bigeye policies
Bigeye employees engage in privacy and security training during onboarding and periodically thereafter.
We follow need-to-know principles and limit access to our systems to ensure that only our Site Reliability Engineering Team and Chief Technology Officer can access customer data during incident response processes.
We conduct code review and perform vulnerability scans on all dependencies as part of our software engineering practices.
Bigeye can provide a DPA on request.
On closure of your account, our team destroys all data from your workspace, including credentials, user data, and your data observability metric histories.
We provide strong SLAs for all Bigeye workspaces, and stricter SLAs are available for enterprise customers. You can view our current system status and uptime here.