Security, Privacy, Compliance

We know the perils of poorly planned and inadequately executed security management systems. We know the risks are real.

At Bright we don’t only help other companies keep their backyard clean. We also take care of our own. We never cease strengthening our walls and hardening our internal security.

We love security. We live security. We live from security. With us, the future of your confidence is Bright.

We pledge that the protection of our customers and the data in our care shall be invested with nothing less than our greatest efforts.

Recognition

Governance

We organize our internal processes, develop our policies and enhance our internal structures in full accordance with the standards and good practices that have gained worldwide acceptance, such as the ISO 27x family of standards, NIST and GDPR. We make sure to remain constantly aligned with relevant laws and regulations. We maintain a clear and coherent organization, with role segregation, divided responsibilities, and regular internal reviews and audits.
Information Security

We have a fully established and continuously improving information security management system, maintaining the highest level of protection for the confidentiality, integrity and availability of the data and information in our care. We ensure that the implementation of required measures, such as volume encryption, access controls and network security, is controlled around the clock in order to prevent unauthorized access to or misuse of sensitive information by either internal or external actors. We ensure the direct involvement of our management structures in the strategic and tactical aspects of preserving information security.
Data & privacy
Disaster recovery and business continuity

We are committed to providing our customers with services subject to the least possible interruption and with maximum consistency. We do everything in our power to ensure that neither snow, nor storm, nor any natural calamity disrupts the processes on which our customers rely. We develop, review and test plans for maintaining access to critical systems and data, preserving the continuity of ongoing processes, and recovering from any issue with minimal to no impact on our customers.
Monitoring and supervision

We maintain an ongoing process of collecting, analyzing, and acting on all available security-related data and information that could impact our business or customers. We monitor network and system logs, watch for unusual activity, follow and react to information acquired from the community, and conduct regular security assessments. We rely on our internal team of security researchers to ensure that our systems are tested and maintain ongoing resilience to malicious activity.
Incident and vulnerability management

We have a detailed incident management system and established internal security response teams with dedicated roles and tasks, intended to ensure that every event is considered and every incident thoroughly investigated. We have developed internal playbooks and procedures applicable to a range of security incidents, from the most common to the most unusual and complex. We focus on preventing incidents through the timely identification and remediation of vulnerabilities detected through external and internal penetration testing, or through our active and informative bug bounty program.
Vendor management

We ensure that all our external vendors and partners are compliant with our security policies and standards. We conduct regular security assessments of vendors, establish contracts that outline security requirements, preserve confidentiality, and reduce liability, while regularly monitoring vendors and the services they provide to maintain compliance.
Fraud prevention and internal investigations

We implement various techniques and technologies to prevent and detect fraudulent activity within our company. We implement strong authentication protocols, support robust reporting systems and revise our processes regularly to make certain that appropriate measures prevent suspicious activity, while simultaneously upholding regular business activities.
Employment, education, and training

We make sure that, throughout their engagement, the backgrounds of our employees and contractors are verified by authorized institutions. We firmly support and foster employee development, keeping their knowledge and understanding current through regular security training activities, both general and specialized according to their particular workplace. We conduct smooth transitions in our employees' careers, whether through onboarding, offboarding, or horizontal and vertical moves within the hierarchy.
Testing variance

Metric                                                     Using Legacy DAST    Using Dev-Centric DAST
% of orgs knowingly pushing vulnerable apps & APIs to prod  86%                  50%
Time to remediate >Medium vulns in prod                     280 days             <150 days
% of >Medium vulns detected in CI, or earlier               <5%                  ~55%
Dev time spent remediating vulns                            -                    Up to 60x faster
Happiness level of Engineering & AppSec teams               -                    Significantly improved
Average cost of a data breach (US)                          $7.86M               $7.86M