BigID Security

At BigID, ensuring the security of your data is our top priority. We recognize the importance of complying with the laws and regulations of the jurisdictions in which we operate, and of protecting your valuable information.

How we do security

Security is embedded into the policies and standards at BigID. This means that security is treated as a top priority, and security protocols are seen as essential to every aspect of the business. All BigID employees understand the importance of our security protocols and their role in keeping BigID and its customers safe.

Shared responsibility

While BigID takes care of the majority of cloud security and hosting responsibilities, we want to emphasize the significance of our customers' involvement in identity and access management. We strongly urge our customers to actively monitor employee access through the audit log and their SAML provider. This proactive approach helps identify and promptly address any compromised account credentials.

Core Security Framework

Customer Controls

Our customers have full control of the systems they connect to BigID, including setup and configuration. BigID offers training, professional services support, detailed documentation, and customer support to help customers do this securely.

Culture of Security

Everyone at BigID plays a part in maintaining a culture of security. We are committed to safeguarding all of our data and take proactive measures to prevent and mitigate potential security threats.

Security Governance

We understand that security governance is crucial for organizations to effectively manage their security risks. BigID has a comprehensive set of policies and standards to ensure the confidentiality, integrity, and availability of our critical assets.

Security Architecture

Security is considered at every stage of our development process from design to implementation. Our CI/CD (continuous integration/continuous deployment) process uses automated build-and-test steps, including container scanning, software composition analysis, static code analysis, IaC scanning, and secrets scanning, to ensure all code is safe and reliable before it is deployed to production.

Product Security

BigID leverages Infrastructure as Code (IaC) for deployment of workloads hosted in Amazon Web Services (AWS). We utilize Cloud Security Posture Management (CSPM) tooling to continuously provide vulnerability and misconfiguration data for our entire AWS environment.

DevSecOps and Cloud Security

BigID has dedicated DevOps and Cloud Security teams that monitor our cloud environment on a 24x7x365 basis to ensure the availability and security of BigID services. We use best-in-breed Extended Detection and Response (XDR) tooling to stop malicious attacks in their tracks.

BigID Security Controls

Security and Privacy Awareness Training

All BigID employees are required to complete security and privacy awareness training at onboarding and annually thereafter to ensure that they are up to date on the latest security protocols and best practices.

Phishing Simulations

BigID employees are tested regularly on phishing awareness. If an employee takes the bait, they are required to take additional security training.

Background Checks

All BigID employees are subject to background checks that include a thorough review of their past employment and education, as well as a criminal history check.

Secure Coding

Security is baked into every phase of BigID’s development lifecycle. This includes mandatory peer reviews, automated software composition analysis (SCA), infrastructure as code scanning, and static analysis (SAST) checks to identify any vulnerabilities and unsafe configurations. Formal release procedures ensure only approved changes are deployed to production.

Key Management

We follow key management best practices: keys are generated properly, stored securely, rotated when their cryptoperiod ends, accessed only by authorized entities to fulfill their function, and monitored in their use.

Bug Bounty

Our Bug Bounty program acts as a force multiplier for the security testing of our cloud products, helping us identify vulnerabilities in real time.

Encryption

BigID encrypts data at rest and in transit, using AES-256 encryption and the SSH and TLS 1.2+ protocols. All data is stored in a secure, encrypted vault, and access is strictly controlled and monitored.

Identity and Access Management

BigID follows the principle of least privilege when assigning access controls and permissions. This means that users are only granted the minimum amount of access needed to perform their job duties.

Risk Assessment

BigID regularly performs risk assessments throughout the year to stay on top of the issues that can impact the service commitments to our customers and employees.

Third Party Risk Management

All of our vendors are assessed to ensure they have the security controls to meet BigID’s standards. Critical vendors are re-evaluated for risk on at least an annual basis to ensure that any new risks associated with their services are identified and mitigated.

Incident Response

We use a combination of industry-leading endpoint protection and AWS-native security tooling to detect malicious and suspicious activity on endpoints in the cloud (and on corporate assets). All of the telemetry from our malware prevention technologies is fed to our Managed Detection and Response (MDR) provider and routed to our BigID 24/7 Security Operations team for action via automated workflows.
