Buzz's security model
Buzz has teamed up with AWS to keep our users safe.
- Regular security updates: Every week we update Buzz with our latest enhancements, bug fixes, and security improvements. To avoid disrupting customers, all updates from external services are tested by software and humans before rolling out.
- Secure data access: Our API provides secure access to Buzz data over TLS (1.2 or greater).
- Authentication: We support external identity providers (IdPs) for single sign-on (SSO) with CAS and SAML, so users can sign into one application and be automatically logged into Buzz without needing to re-enter credentials. This feature can help eliminate the need for teachers and students to have multiple credential sets.
- Physical security: Buzz uses Amazon Web Services (AWS). AWS protects a global infrastructure of hardware, software, networking, and facilities, and is designed and managed around a variety of best practices and global security standards. AWS participates in various assurance programs, including FERPA, and is regularly independently audited (see https://aws.amazon.com/compliance for full details).
- Protocol and session security: We use HTTPS for all communication and encrypts all inbound and outbound traffic using 2048-bit TLS (1.2 or greater).
- Backup and recovery: Buzz data is backed up every day. In the case of a disaster, data can be recovered from these backups. Backups are regularly tested.