Security Controls Overview

Security at Bandwidth is a high priority for our network and business. Bandwidth has a dedicated information security team that oversees Bandwidth’s security program. Bandwidth recognizes information must be managed, controlled and protected as it has a significant impact on our products and customers.
Bandwidth’s Information Security program is designed to protect assets against unauthorized use, disclosure, alteration, and destruction.

Network Security
Bandwidth’s network environment is monitored 24×7 by a team of Network Operations Technicians. All site locations have firewalls and traffic monitoring deployed.

Vulnerability Management
Automated vulnerability and policy scans are performed on Bandwidth’s environments and assets.

Application Security (BW AppSec)
Bandwidth’s application security program actively performs static and dynamic scanning of systems and software code. Continuing education for developers is based on OWASP Top 10 with educational feedback loops in the development lifecycle to bring additional awareness of our secure software delivery.

Change Management
Bandwidth’s Change Review Board oversees change requests and change approvals. The approval process contains a review of risk, test plan, and back-out plan before changes can be made. Changes are scheduled during off-peak times to minimize disruptions.

Endpoint Security
Bandwidth desktops, laptops and mobile devices are centrally managed and are fully encrypted. All end-user computers have anti-virus and anti-malware protection.

Physical Security
Access to all Bandwidth offices is restricted and controlled by assigned proximity badges. Visitors must sign in, display a visitor badge, and be escorted by the sponsoring employee. Entrances and exits to all sites/offices are under video surveillance. Data Centers hosting Bandwidth’s equipment are certified SOC II or ISO 27001:2013 compliant. Each site location provides layers of security, including biometrics, security guards, cameras and equipment secured in isolated rack/cages.

Third-Party Penetration Testing
Bandwidth uses third-party partners to perform external penetration testing against applications and networks.

Vendor Risk Management
The Bandwidth VRM (vendor risk management) program enables Bandwidth to appropriately identify and protect its business data and intellectual property hosted/stored by third-party vendors. Bandwidth evaluates third-party vendors for data security and continues to reevaluate the security posture of each vendor for ongoing compliance.

Log/Event Management
All Bandwidth security logs are collected and stored for one year in a centralized logging infrastructure that is analyzed in real time by the Bandwidth Security Incident Event Monitoring (SIEM) system. In addition to real-time alerting, Bandwidth has established a SOC for 24×7 monitoring of events and alerts.

Identity & Access Management
Access to Bandwidth’s production systems and services by employees is on a need-to-know model. Bandwidth continuously monitors user accounts using behavioral analytics and anomaly detection. Bandwidth requires 2-factor authentication for all remote access to Bandwidth networks and systems.

Governance, Risk, & Compliance (GRC)
Bandwidth’s information security program, information security policies, standards, and guidelines are built on the ISO/IEC 27002 code of best practices for information security. The Bandwidth security team performs ongoing audits and risk assessments across the organization as part of Bandwidth’s information security management system (ISMS) in compliance with ISO/IEC 27001:2013.

Log/Incident Management
Bandwidth has a formal incident management program and has a dedicated incident response team to assemble and manage incident investigations.

People/HR Security
Bandwidth performs background checks on all potential new employees before employment. All new hires must complete security awareness training at the start of employment, and training is ongoing for all employees.
