Bright Data manages data for over 15,000 organizations around the world. We understand that our customers expect us to protect their data with the highest standards and are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as ISO 27001, ISO 27018 and OWASP Top 10.
How do we secure your data?
Our systems are hosted on multiple Availability Zones at Amazon Web Services (AWS). This allows us to provide a reliable service and keeps your data available whenever you need it. We have also established a disaster recovery site in in AWS EU and critical backups in Azure.
This datacenter employs leading physical and environmental security measures, which results in a highly resilient infrastructure. For more information about its security practices, see below:
Bright Data implements a security-oriented design in multiple layers, one of which is the application layer.
Our controlled CI/CD process includes end-to-end testing, unit testing which addresses authorization aspects and more. Bright Data developers go through periodic security training to keep them up-to-date with secure development best practices.
Another layer of security is the infrastructure. Bright Data is hosted across multiple AWS Availability Zones. Furthermore, our infrastructure is protected using multiple layers of defense mechanisms including:
- Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
- DDoS mitigation and rate limiting
- Advanced routing configuration
- Comprehensive logging of network traffic, both internal and edge
Bright Data encrypts all data both in transit and at rest:
- Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum
- User data is encrypted at rest across our infrastructure using AES-256 or better
- Credentials are hashed and salted using a modern hash function
External Security Audits and Penetration Tests
Independent third-party assessments are crucial in order to get an accurate, unbiased understanding of your security posture. Bright Data conducts penetration tests on an annual basis both in the application and in the infrastructure level using well-known, independent auditors.
Additionally, Bright Data is going through external auditing as part of the SOC2 Type II audit, the ISO certifications and other external audits.
Bug Bounty Program
Bright Data maintains a managed private bug bounty program, allowing security researchers from around the world to ethically and responsibly research and disclose security vulnerabilities to our Security Team.
Bright Data is a cloud-based solution, with no part of our infrastructure retained on premise. Our physical security in the offices include personal identification based access control, CCTV and alarm systems.
Bright Data’s data centers are hosted on Amazon Web Services and Google Cloud Platform infrastructure, where leading physical security measures are employed.
Disaster Recovery and Backups
Bright Data is committed to providing continuous and uninterrupted service to all its customers. We consistently backup user data every 5 minutes. All backups are encrypted and distributed to various locations.
Our Disaster Recovery Plan is tested annualy to assess its effectiveness and to keep the teams aligned with their responsibilities in case of a service interruption.
Security Awareness and Training
Bright Data understands that its security is dependent on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding. Further security training is provided on a bi-annualy basis. Additionally, all employees must sign our Acceptable Use Policy.
We know the data you upload to Bright Data is private and confidential. We regularly conduct user access reviews to ensure appropriate permissions are in place, in accordance with the least privilege principle. Employees have their access rights promptly modified upon change in employment.