Security Report

By Bushel Product Team

Feb 4th 2019

Security is at the forethought of every decision on the Bushel platform. We implement best practices to ensure the security, privacy, and integrity of your customer data. We believe that one of those best practices is transparency.

Data Access & Login Security

A gated wall protecting your information. Here’s how.

* The grower has an account at the elevator.

* When a grower downloads a Bushel Powered app, they login with their phone number

* Bushel checks the number against the elevator’s customer accounts.

* If matched, we send a 4 character code to the grower phone number. Each authorization code is unique and expires after 5 minutes.

* The grower authenticates with the 4 character code.

* Login is successful, grower remains logged in for a year.

Average user time to utilization is 1:13.

It’s easy for the grower, and secure for the elevator.

Bushel Tunnel

*Elevator installs the Go based client and configures it with the credentials you receive as part of the Bushel activation process.

* The client makes an API request with industry standard TLS encryption over HTTPS with Elevator credentials to retrieve the configuration for your tunnel.       

* An encrypted SSH-based remote port-forward is created using the configuration, the strongest cipher available, and an ED25519 key-pair.

* The client checks hourly for configuration changes and updates.

* Upon receiving new configuration, the client will simply stop and allow the process manager to start it again. This will cause it to re-configure itself.

* Updates are handled in much the same way. However before the restart, the update is downloaded and verified using the SHA256 checksum.

* This process creates an encrypted connection between a single machine on your network and the Bushel tunnel service.

General security practices

We implement overarching security practices to ensure that our platform runs securely.

* Google Cloud Compliance Bushel is a cloud operated platform backed by Google’s Cloud standards, regulations, and certifications.

* Internal Access to SystemsAccess to our internal systems through an SSO allows us to quickly revoke access to resources. It requires 2-factor authentication and at least 12 character passwords.

* Secure Database Connection-SSO is also used to access our databases. The database is encrypted at rest. It is only accessible from our internal network or our VPN which grants us access to a VPN between the office to Google. The connection from our workstations to the database are also SSL encrypted.

* UpdatesWe keep all of our systems on the latest security patches and generally move to major and minor releases a few months after release.

* Secure Development Practices Careful code reviews, automated testing, defense of attack vectors knowledge, and use of centralized builds and automated deployment are a few of the standard practices our development team upholds.

For more questions on security, reach out to our team to learn more.

 

 

 

 

 


The Omnichannel Farmer

It’s a perceived double stereotype in present agriculture. On one side stands a vision of an avocado toast-eating,...

Read more

Rain and Hail Sign Multi-Year Agreement with Bushel

Integration of Bushel into Chubb’s agriculture insurance to provide more efficiency for growers in sharing...

Read more

Bushel Amongst Top Winners At Foodbytes! by Rabobank

“Recognized for their positive impact on the food value chain, Bushel, Shaka Tea, and Toast Ale won awards for...

Read more