Security

  • Updated on Mar 27, 2025
  • Published on Aug 1, 2022
  • 3 minute(s) read
  • Stephanie Schmidt
  • Orianna Valentine
  • Gregg Tushaus
 Prev Next

Beastro is software as a service (SaaS) application hosted within Microsoft Azure (see Microsoft Trust Center for details). The application and services are designed to provide performance, scalability, security, management capabilities, and service levels required for mission-critical applications and systems used by financial service organizations.

Security Principles

In partnership with Microsoft, we deliver industry-recommended, secure, and interoperable identity, access, and compliance best practices. With Microsoft, we ensure that we deliver cloud applications and services with the highest standards regarding engineering, legal, and compliance support. Our focus is on maintaining data integrity in the cloud, which is governed by the following three key principles:

  • Security: Protecting you from cyberthreats. 
  • Privacy: Managing access to data. 
  • Compliance: Meeting financial services regulatory requirements.

Security Approach

Our approach to securing member or customer information involves a security control framework of technologies, operational procedures, and policies that meet the latest standards and quickly adapt to security trends and industry-specific needs.

We perform periodic information security reviews and results are reviewed with our Risk Management Committee. This process involves monitoring ongoing effectiveness and improvement of the environment by reviewing security issues, auditing results, and monitoring status, and by planning and tracking necessary corrective actions.

These controls include:

  • Physical and logical network boundaries.
  • Restricted access to the cloud environment.
  • Strict controls based on best practices that define coding practices, quality testing, and code promotion.
  • Ongoing security, privacy, and secure coding practices awareness and training.
  • Continuous logging and audit of system access.
  • Regular compliance audits to ensure control effectiveness.
  • System timeout after 30 minutes of inactivity.

Security Operations

Our security team carries out frequent internal and external scans to identify vulnerabilities and assess the effectiveness of the process. Services are scanned for known vulnerabilities. These scans are used to ensure compliance with baseline configuration templates, validate the installation of relevant patches, and identify vulnerabilities. The scanning reports are reviewed by appropriate personnel, and remediation efforts are promptly conducted.

We have established procedures to investigate and respond to malicious events detected by our monitoring system in a timely manner.

We employ "just-in-time" access that is logged and audited, then revoked after the task. Operations and support personnel who access production systems use managed workstations for network and application access. All computers have Trusted Platform Modules (TPMs), their host boot drives are encrypted with BitLocker, and they are joined to a secure corporate domain.

System hardening is enforced through use of a group policy, with centralized software updating. For auditing and analysis, event logs are collected from workstations and saved to a secure central location. 

Application Access and Identity Security

Beastro uses multi-factor authentication with two levels of authentication to obtain access to ensure protection of sensitive data. The connection is established using TLS 1.2 and HTTPS. The first layer consists of an email address and password. Users may use Forgot Password to re-validate and reset their account. Beastro’s second layer uses WebAuthn via a security token (FIDO) for strong authentication. This FIDO key is a physical token to verify the person logging into the system. Beastro uses a security key pin that users create when doing the initial security token setup. This code is unique to the security token. The token requires users to physically touch it with a finger.  Request new or additional keys.  A key feature of Beastro's multi-factor authentication is the allowlisting of IP addresses identified as valid sources for accessing the system. Allowlist IP addresses are required for securely viewing confidential and sensitive information. Users attempting to access the system from non-allowlist IP addresses will be unable to access various modules in the Beastro platform.

We use security to protect data integrity and user privacy. The security model promotes efficient data access and collaboration. The goals of the model are to:

  • Grant users access that allows only the levels of information required to do their jobs.
  • Categorize users by security role and restrict access based on those roles.
  • Support data sharing so that users can be granted access to information they do not own for a one-time collaborative effort.
  • Prevent access to information a user does not own or share.

We combine role-based security and permission-based security to define the overall access to information.