Vision-Bot Security Frequently Asked Questions (FAQ)
Is our data encrypted?
Data in transit is encrypted using TLS with Perfect Forward Security (PFS), and data at rest uses industry standard AES-256 to encrypt fields in the database that contain sensitive information, such as Jamf Pro API credentials.
Is TLS always used?
Yes, Vision-Bot no longer supports SSL v3.0.
How are our passwords stored?
For Vision-Bot login passwords, we use bcrypt with unique, random salts, and employ a high-cost factor to deter brute force attacks. API credentials to connect Vision-Bot to other systems (e.g. Jamf Pro Servers) are encrypted at rest using AES-256.
Who has access to our data?
Only you and the people you allow have access to your data.
Where are Vision-Bot data centers located? Vision-Bot relies on Linode.com to provide infrastructure as a service (IaaS) within the United States. Data at rest remains in the United States.
Does Forget Computers use a secure Software Development Lifecycle (SDLC)?
Yes. We use an Agile methodology that incorporates cross-functional teams and clearly separated development, staging, and production environments.
Does the Vision-Bot hosting service have a SOC 2 Type 2 report?
We are currently preparing for a SOC 2 Type 2 report that is expected in 2020.
Does Forget Computers audit its security?
We follow industry best practices for security and use automated tools to check for security vulnerabilities prior to each release. We also rely on Two-Factor Authentication to ensure the security of the underlying infrastructure that is provided by Linode.com.
Have questions that we didn't cover?
Please don't hesitate to reach out to us and talk security.