Security Overview

Introduction

Data security and privacy are a top priority for Bayou Energy. Utility data is sensitive information and we treat it as such, applying security measures and best practices at all levels to ensure the safety of customer data.

Customer credentials

To offer continuous utility data access for most utilities, Bayou must save customer credentials. Those credentials have to be accessible by certain components of our platform, so that they can connect to the utility web portal and update the customer’s data.

Our system is designed such that, once they are recorded, no customer credentials can ever be read by a human, be it an agent from Bayou’s support team, someone from your company or even the customer.

To make sure the credentials cannot be accessed by unauthorized components of our platform, we encrypt them as soon as they are saved by the customer. We use AWS KMS (Key Management Service) to encrypt the credentials and then store only the encrypted output in our database.

The key used to decrypt this output can never be accessed directly: it is stored by Amazon's KMS on a hardware security module, ensuring the maximum level of protection. Instead, we send requests to Amazon's KMS to decrypt credentials when needed, using very restricted access control lists so that only our essential components are authorized to access the credentials.

We partition our platform so that the components with these elevated permissions are isolated from our user-facing applications. Even in the event of a security breach of our frontend, customer credentials stay safe.
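The access-control split described above (one isolated component may decrypt, the user-facing side may not) can be expressed directly in a KMS key policy. The policy below is an added illustration, not Bayou Energy's actual configuration; the account ID, role names and encryption-context key are placeholders, and the roles (a credential-intake service that only encrypts, a portal-sync worker that only decrypts, and a key administrator with no data-plane rights) are assumed for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "KeyAdministratorsManageTheKeyButNeverUseIt",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/KeyAdminRole" },
      "Action": [
        "kms:Describe*", "kms:Enable*", "kms:Disable*", "kms:List*",
        "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Get*",
        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CredentialIntakeMayOnlyEncryptNewlySubmittedCredentials",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/CredentialIntakeRole" },
      "Action": "kms:Encrypt",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "kms:EncryptionContext:purpose": "utility-credentials" }
      }
    },
    {
      "Sid": "OnlyTheIsolatedPortalSyncWorkerMayDecrypt",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/PortalSyncWorkerRole" },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "kms:EncryptionContext:purpose": "utility-credentials" }
      }
    }
  ]
}
```

Because the policy contains no statement granting the account root `kms:*`, identity-based IAM policies in the account cannot widen access to this key on their own; the frontend role is simply absent and therefore denied, and every Decrypt call is recorded in CloudTrail under the worker role, which gives a clear baseline to alert on.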

Other security measures

  • All requests to and from our platform are encrypted using HTTPS with modern encryption algorithms. We use DNS CAA records to make sure only specific certificate authorities can issue certificates for our domain, as well as HSTS to make sure our site can never be accessed over an unencrypted connection. Our domain is also part of the HSTS preload lists of the most common web browsers.

  • We protect against email impersonation using DMARC, SPF and DKIM.

  • Our frontend uses CSPs (Content Security Policies) to ensure the integrity of the resources loaded on our webpages. Our cookies are marked SameSite (they are not sent on requests from other sites), Secure (HTTPS only) and HttpOnly (they cannot be accessed from JavaScript code). We also use CSRF tokens to protect against cross-site request forgery.

  • All of our libraries and packages are continuously updated to the latest versions.

  • Everyone on Bayou Energy's team is trained in cyber security and uses tools such as password managers and 2FA where available.

Contact

Any questions or concerns can be submitted to security@bayou.energy for review by our security team, led by Joris Van Hecke, Bayou Energy’s CTO.