Banyan Infrastructure Security & Data Management Overview 

At Banyan Infrastructure, we understand that security is paramount. We are committed to providing a platform where your data is protected with the highest levels of security and privacy. Our comprehensive approach to security is woven into every aspect of our platform, ensuring your information remains confidential and secure.

Here's how Banyan Infrastructure prioritizes your security:

  • Zero Trust Principles: We embrace a Zero Trust security model, ensuring no user or device is inherently trusted. This means strict verification and authorization are enforced at every level of access.
  • Data Encryption: Your data is encrypted both in transit and at rest, using industry-standard encryption protocols. This multi-layered approach safeguards your information from unauthorized access.
  • Robust Infrastructure: Our platform is built on a secure and resilient infrastructure, hosted in world-class data centers with comprehensive physical and environmental security measures.
  • Continuous Monitoring: We employ proactive monitoring and threat detection mechanisms to identify and mitigate potential security risks in real-time.
  • Compliance and Certifications: Banyan Infrastructure adheres to industry best practices and complies with relevant security standards and regulations to ensure the highest levels of data protection.

Banyan Infrastructure is committed to maintaining a secure and reliable platform, ensuring your data is protected with the utmost care.

This document covers:

  • Physical Security: Leveraging AWS's robust physical security for our infrastructure and employing device encryption and tracking for company laptops.
  • Network Security: Utilizing strong authentication methods like JWT and enforcing multi-factor authentication for all company tools.
  • Infrastructure Security: Implementing a rigorous patch management process and continuous monitoring to ensure system security and availability.
  • Data Protection: Encrypting data both in transit and at rest using industry-standard protocols like AES-256 and TLS 1.2.
  • Access Control: Employing strict access controls with least privilege principles, limiting access to sensitive data and systems.
  • Logging and Monitoring: Maintaining comprehensive audit logs and utilizing real-time alerts for threat detection.
  • Employee Policies: Implementing security awareness training and enforcing strict onboarding and offboarding procedures.
  • Data Classification: Categorizing data into Confidential, Restricted, and Public to ensure appropriate handling and protection.

If you have specific questions, please reach out to support@banyaninfrastructure.com

IT Security Policies and Procedures 

Banyan Infrastructure’s IT policies and procedures are in compliance with the SOC-2 cybersecurity framework.

1. Physical Security

  • Banyan Infrastructure’s systems and network infrastructure are hosted on the AWS platform, and compliance of physical controls is managed by AWS.
  • Company laptops are monitored and tracked via MDM with device encryption enabled by default. 

2. Network Security

  • JSON Web Tokens (JWT) are used for secure authentication, establishing trust between clients and applications.
  • Multi-factor authentication is required to access all company tools, such as GitHub, Google Suite, Slack, and our build environment.

3. Infrastructure Security 

  • Infrastructure systems are patched regularly in accordance with patch management best practices. 
  • Banyan Infrastructure is responsible for assessing the risk of applying patches based on the security and availability impact of those systems, as well as any critical applications hosted on them. 

4. Computer Operations – Backups 

  • Backup infrastructure is maintained in AWS. All backups are encrypted via AWS IAM permissions. 
  • In the event of an exception, DevOps performs root cause analysis to remediate potential ongoing problems and then re‐runs the backup immediately or as part of the next scheduled backup cycle.

5. Computer Operations – Availability 

  • Banyan Infrastructure monitors the capacity utilization of computing infrastructure to ensure that service delivery matches service level agreements (SLAs). 
  • Banyan Infrastructure evaluates the need for additional capacity in response to growth of existing customers or the addition of new customers. 

6. Data Communications 

  • Firewall systems are in place to filter unauthorized inbound network traffic. 
  • Redundancy is built into the system to ensure that there is no single point of failure. 
  • Authorized employees access the system through VPN technology using a two‐factor authentication system. 

Cybersecurity 

Compliance with Documented SOC-2 Policies 

Access 

  • Site access is proxied by AWS CloudFront and protected by AWS Shield.
    • Internal access (Test & Demo) secured by AWS Client VPN. 
  • Access to production systems (AWS, databases, and applications) is limited to operations and customer success team members.
  • MFA required for resources (GitHub, G Suite, AWS console).
  • LastPass and password rotation are used for shared credentials. 
  • AWS hosts Banyan’s systems and infrastructure and is responsible for physical controls. 
  • Company laptops are encrypted and tracked. 

Data Protection 

AWS S3 buckets are only accessible to internal systems. Data at rest (Postgres and S3) is encrypted using AES-256. Data in transit is protected by HTTP/S (using TLS 1.2). Care is taken with unsecured transmission (email). 

Logging and Monitoring

  • Logs retained for 90 days for auditing and forensic purposes.
  • Real-time alerts for server error conditions and login attacks. 

Patching 

Automated SOC-2 scanning of AWS resources. AWS ECR image vulnerability scanning. Automated dependency scans in GitHub for vulnerabilities and security patches.

Secrets Management

No secrets (passwords, keys, tokens) are in plaintext anywhere in the environment. Production credentials are managed through AWS Secrets Manager. 

Beyond the Banyan Infrastructure Application:

1. Onboarding Policies

  • Policies Include:
    • Secure Development Policy
    • Physical Security Policy
    • Operations Security Policy
    • Information Security Policy
    • Cryptography Policy

2. Laptop Access

  • All company assets are tracked and are capable of being remote-wiped. SOC-2 automated real-time agent confirms hard disk encryption and operational anti-virus software. 

3. Offboarding

  • Employee access to all systems is removed during offboarding. Shared passwords are rotated. 

4. Development Process

  • In the event of an exception, DevOps performs root cause analysis to remediate potential ongoing problems and then re‐runs the backup immediately or as part of the next scheduled backup cycle.

Data Management 

To help Banyan Infrastructure and its employees easily understand requirements associated with different kinds of information, the company has created three classes of data:

1. Confidential Data: Highly sensitive data requiring the highest levels of protection 

  • Access is restricted and can only be shared with approval from the data owner or a company executive.
  • Examples Include:
    • Customer Data
    • Personally identifiable information (PII)
    • Company financial and banking data

2. Restricted Data: Proprietary information requiring thorough protection 

  • Access is restricted to employees on a “need-to-know” basis. This is the default unless stated otherwise.
  • Examples Include:
    • Internal policies
    • Legal documents
    • Meeting minutes and internal presentations

3. Public Data: Documents intended for public consumption 

  • May be freely distributed outside Banyan Infrastructure. 
  • Examples Include:
    • Marketing materials
    • Product descriptions
    • Media specifically generated for external consumption

Application and Data 

Application Data Protection: 

  • Banyan Infrastructure uses explicit permission grants at the Deal level 
  • Banyan Infrastructure maintains an audit log of user login and actions within the system 
  • Access to data is controlled through the access rights to the Deal, which are individually assigned to users. 
  • Access to deals may be rescinded by the customer’s Organization Administrators, by Deal Creators, or by the Banyan Infrastructure Super-User account.
    • The Banyan Infrastructure Super‐User account must be explicitly granted Project access to view/modify Project data. 
  • Banyan Infrastructure receives data through a combination of manual (upload) submissions and automatic (API level) information fetches.
    • Any transmitted information is protected through encryption (HTTP/S, encrypted channels, or other secure APIs). 
  • Data stored on the Banyan Infrastructure system is stored in an encrypted database.
    • Some portions of data may be downloaded in CSV format, which is protected using HTTP/S.

Monitoring and Alerting 

Banyan Infrastructure uses AWS CloudWatch for continuous monitoring and alerting of internal controls.

Banyan Infrastructure uses Intruder to scan for vulnerabilities.

Intruder Systems Ltd is an independent security advisory company specializing in providing continuous security monitoring for internet-facing web applications and infrastructure.