Security is at the forethought of every decision on the Bushel platform. We implement best practices to ensure the security, privacy, and integrity of your customer data. We believe that one of those best practices is transparency.
Data Access & Login Security
A gated wall protecting your information. Here’s how.
* The grower has an account at the grain facility.
* When a grower downloads a Bushel Powered app, they login with their phone number
* Bushel checks the number against the grain facility’s customer accounts.
* If matched, we send a 4 character code to the grower phone number. Each authorization code is unique and expires after 5 minutes.
* The grower authenticates with the 4 character code.
* Login is successful, grower remains logged in for a year.
Average user time to utilization is 1:13.
It’s easy for the grower, and secure for the grain buyer.
*Grain Facility installs the Go based client and configures it with the credentials you receive as part of the Bushel activation process.
* The client makes an API request with industry standard TLS encryption over HTTPS with Grain Facility credentials to retrieve the configuration for your tunnel.
* An encrypted SSH-based remote port-forward is created using the configuration, the strongest cipher available, and an ED25519 key-pair.
* The client checks hourly for configuration changes and updates.
* Upon receiving new configuration, the client will simply stop and allow the process manager to start it again. This will cause it to re-configure itself.
* Updates are handled in much the same way. However before the restart, the update is downloaded and verified using the SHA256 checksum.
* This process creates an encrypted connection between a single machine on your network and the Bushel tunnel service.
General security practices
We implement overarching security practices to ensure that our platform runs securely.
* Internal Access to Systems— Access to our internal systems through an SSO allows us to quickly revoke access to resources. It requires 2-factor authentication and at least 12 character passwords.
* Secure Database Connection-– SSO is also used to access our databases. The database is encrypted at rest. It is only accessible from our internal network or our VPN which grants us access to a VPN between the office to Google. The connection from our workstations to the database are also SSL encrypted.
* Updates—We keep all of our systems on the latest security patches and generally move to major and minor releases a few months after release.
* Secure Development Practices— Careful code reviews, automated testing, defense of attack vectors knowledge, and use of centralized builds and automated deployment are a few of the standard practices our development team upholds.
For more questions on security, reach out to our team to learn more.