EdgeBit Security

Security and Privacy is at the core of EdgeBit

EdgeBit practices what we preach — our security and compliance policies exceed industry standards to protect our systems and our user’s data.

To report potential security issues, please follow our Responsible Disclosure process below.

Ask our Security Team a Question

SOC 2 Type II compliant

EdgeBit has a current SOC 2 Type II compliance report.

Security policies described below follows the criteria set forth by the SOC 2 Framework.

EdgeBit Infrastructure Security

Infrastructure Security

EdgeBit is hosted using cloud services from AWS and Google, and follows their best practices for security and availability.

  • Data encryption in transit via TLS 1.2+
  • Infrastructure managed as code
  • Primary region in the US West Coast. Backup in US East Coast.
  • Frequent, encrypted database backups
EdgeBit Application Security

Application Security

EdgeBit carefully manages application dependencies to reduce supply chain risk. Application architecture is selected to be secure by default with defense in depth.

  • Code review is mandatory
  • Tenant isolation built into the data layer
  • API keys/secrets are encrypted with AWS KMS symmetric keys
EdgeBit Incident Response

Incident Response

EdgeBit's response policy includes escalation procedures, rapid mitigation and customer communication.

  • Around-the-clock monitoring and public status page
  • Disaster recovery dry-runs performed annually
  • Detailed Business Continuity plan
EdgeBit Employee Access Controls

Employee Access Controls

EdgeBit uses SSO backed by MFA whenever possible. We think it’s so important that it’s included for every EdgeBit customer without charge.

  • SSO & MFA are used whenever possible
  • Secure password vaults used for non-SSO systems
  • Regular access reviews are conducted for employee access
  • No access to production servers (no passwords or public keys configured!)

Responsible Disclosure

Reporting a Security Issue to EdgeBit

Security is paramount to EdgeBit in both our hosted software and the open source projects that we produce. We’re extremely grateful for responsible security researchers that report vulnerabilities to us.

Security researchers can contact EdgeBit security engineering at security@edgebit.io with the full details, including steps to reproduce the issue.

Report a Vulnerability

If you are reporting an issue that you believe needs urgent attention, please include [URGENT] in your email subject (including the brackets).

Cut through the noise in vulnerability management

Less investigation toil.

More action on real issues.

Happy engineers.

Request Demo
Close Video