Frequently Asked Question
Learn more about product and data security at byrd
Data Security
Who has access to the data that byrd is processing?
Our general design principles are based on zero-trust and need-to-know principles. As such, only dedicated teams in our company require such access, e.g. your account manager. In addition, our technology department, who runs the platform, has access to the underlying infrastructure and databases.
How are workplace devices (laptops, mobiles etc.) secured, e.g. against malware or data exfiltration?
byrd attaches great importance to the security of the workplace devices and uses several technologies for this purpose: MDM (Kandji) and EDR (SentinelOne).
Initially, all devices are hardened by applying appropriate security configurations (over 100 different settings). Our MDM is also used to remotely wipe devices should they ever be stolen.
Does byrd encrypt my data in transit and at rest?
Absolutely. byrd utilizes Transport Layer Security (TLS) for data in transit and employs native AWS features for encrypting data at rest. Your data's security is a top priority for us.
Where does byrd process or store customer data?
Our application is strictly hosted with the EU, with data center providers that are subject and compliant to EU-GDPR regulations.
Can data be deleted from byrd's platform?
Yes, of course.
How are server runtimes secured, e.g. against malware or data exfiltration?
Aside from common security practices that you would expect, our server runtimes are primarily secured through pre-hardened configuration and EDR. In particular EDR is used to continuously monitor for potential indicators of compromise and combat malware infections automatically.
Governance, Risk, Compliance
Does byrd follow secure software development practices?
Yes. We address this issue on multiple angles and can provide further detail, where required. Our primary tools to ensure only secure code is shipped can be summarized as:
1. Pre-deployment: continuous training and education for our technology team, threat modeling exercises, 4-eye principle and code reviews for code merges.
2.1 post-deployment: 24/7 vulnerability disclosure program, dedicated penetration testing and post-deployment posture analysis.
Does byrd have an Incident Response process and policy?
Yes. Aside from corresponding policy and procedures, we monitor and detect attacks on multiple levels. For example, our security relevant metrics from different sources are piped into our SIEM system for continuous monitoring and alerting (Sumo Logic).
Does byrd hold any 3rd party compliance attestations for security?
We select our service providers with security and compliance in mind. As such, key parties in our provider ecosystem are 100% compliant with industry security standards such as SOC2 Type II or ISO 27001. byrd regularly evaluates suppliers in a prioritised fashion according to these requirements.
byrd itself has not undergone an audit with certified attestation just yet. Our security framework goes much beyond what industry standards are demanding, however based on our customer’s feedback, investing in the time consuming process of annual audits and maintaining compliance has not proven to be practically necessary until today.
Does byrd regularly undergo penetration testing by a 3rd party firm?
Yes. We conduct different forms of testing in cycles.
Most importantly, we run a state-of-the-art, 24/7 vulnerability disclosure program to detect potential issues as early as possible. Further, we conduct penetration tests and inside-out security audits multiple times per year.
Is byrd's Security Program aligned with industry standards?
Yes. Specifically, we adhere as much as we can to the following standards:
1. SOC2 Type II
2. ISO 27001
3. CIS AWS 1.4.0
4. NIST 800-171 Rev2
5. AWS Well Architected
Attestation and benchmarks for select scopes can be provided upon request.
Does byrd have an Information Security Program?
Yes. Our Security Team takes care of the company’s security program, annual targets, design principles, architecture decisions and so on. You find a lot of related information in our Security & Trust Center on our website under www.getbyrd.com/byrds-security.
Keeping our customer’s data safe is of utmost priority to us and we continue to invest in best-in-class tooling to deliver on this promise.
Learn more about security at byrd
Everything at a glance
Learn More about security at byrd. Meet the team responsible for security.
Find out more.
Overview
Learn more about our rules of play
We believe in the researcher community and run an active bug bounty program. Find out more.
Vulnerability Disclosure Program
byrd's Security
How we secure our Digital Workplace, Infrastructure & Applications, Data and more. Find out more.