Banyan's Apps - Data Privacy and Security Considerations
- Updated on Sep 02, 2022
- Product Philosophy
- Securely Storing EndUser Credentials
This article details common data privacy and security considerations related to deploying the Banyan apps across your workforce’s devices.
Please visit our Support site for similar information for your end users.
The Banyan Desktop and Mobile apps are designed to enable your organization to adopt a Zero Trust security posture, where corporate applications should only be accessed by Registered Devices regardless of their network location. The Banyan apps complement the capabilities of Device Managers (MDMs) and Endpoint Detection and Response Tools (EDRs) that Enterprises have already deployed across their device fleets.
The Banyan apps are built following these core product philosophies that emphasize data privacy and security:
Device Identity - The Banyan apps provide a simple yet secure way for end users to registers a device and for admins to identify a device.
Read Only - The Banyan apps report on device status but do not change any device settings proactively; this is very different from MDM and EDR clients that will automatically change settings, install files and block user actions.
User Visible - The Banyan apps run as a regular application with a user interface. We do this because a visible application communicates user trust and control, and it also gives us a way to display TrustScores and provide remediation instructions.
Low Overhead - The Banyan apps do not continuously monitor or silently analyze behaviour on the device, and so they have virtually no impact on device performance.
Report When Needed - The Banyan apps only collect essential device information from the device and report at relatively low frequency. This privacy-oriented philosophy is particularly important because the Banyan apps need to also cater to devices that are owned by employees and not issued by an enterprise.
Data accessed and collected by the Banyan apps
The Banyan Apps do not have access to your end users’ device data and do not change any settings proactively. They only check device settings and security features as configured for your organization.
For Device TrustScores, Banyan analyzes raw information about a device (such as its features and settings) and converts it into TrustScore Factors that can be processed by machine-learning algorithms.
TrustScore Factors typically involve security measures (such as firewall, disk encryption, screen lock, etc.), preferred applications (such as corporate-managed or productivity-related applications), and general performance (minimum allowed OS version).
Reporting and storage of device feature data
The Banyan apps scan and report device data every 60 minutes or when manually trigged by the end user.
The device feature data is stored in the Banyan Command Center TrustScoring Engine, encrypted at rest, and conforms to the highest security standards for protecting sensitive data. This data is used for the lifetime of the customer.
The Banyan apps do not access or store location data of the devices.
Web traffic and network activity
The Banyan apps do not intercept or monitor network activity to/from the device.
Standard, OS-specific messages are shown to end users when installing any root certificates to their device. In this case, Banyan leverages the root certificate to validate downstream intermediate and client certificates.
Securely Storing EndUser Credentials
The Banyan apps use a special JWT token called the ReportingToken to make requests to the Command Center APIs (submitting device features, logging in, getting a list of services, etc). The ReportingToken contains user and device claims that are not intended to be secret (such as device serial number and user email), and has specific issuance and renewal logic. The ReportingToken is stored on disk and encrypted to prevent token-harvesting threats posed by disk scanners. The password for encrypting and decrypting the Reporting Token is stored securely in the Banyan Apps so it can be used to make API requests.
LoginToken and LoginCert
The Banyan Desktop apps use a standard JWT token called the LoginToken to manage certificate issuance. The LoginToken is used to generate a certificate signing request (CSR) to obtain a LoginCert and SSHCert. The LoginToken is stored on the filesystem and protected the same way as the ReportingToken.
The LoginCert (aka TrustCert) is used by
banyanproxy to access services. It is stored on the filesystem in two files
login-cert.pem (the certificate) and
login-key.pem (the corresponding private key). Because
banyanproxy must be able to read both LoginCert files, they are stored unencrypted on the device file system. The LoginCert is a short-lived certificate and automatically expires after 24 hours.
The SSHCert is used by SSH clients to access SSH servers. It is managed in the same way as the LoginCert.
The LoginToken, LoginCert and SSCert are stored in the user-data directory of the Banyan Apps.
Banyan is SOC 2 Type I and Type II compliant.