Bluebeam Cloud Security Overview

Applies to:

  • Bluebeam Cloud

Jump to:

Introduction

This document provides an overview of technical elements concerning features and information that may be helpful in maintaining your security while using our web and mobile app solution, Bluebeam Cloud.

Access Bluebeam Cloud

With a Bluebeam subscription (Basics, Core, or Complete), users get access to Revu 21 (our subscription-based desktop application), Studio Sessions and Projects, and Bluebeam Cloud web and mobile applications. Access to all these services requires authentication with a username and password associated with a Bluebeam ID (BBID).

To access Bluebeam Cloud:

For more information about compatible operating systems and browsers, click here.

Password Requirements

All BBID passwords must be between 8 and 32 characters with at least one uppercase letter, one lowercase letter, one number, and one special character, such as !@#$%^&*. Passwords are hashed prior to storage, using a strong one-way hash algorithm with cryptographic salting to further safeguard passwords in storage.

Accounts are locked if repeated failed authentication attempts are detected.

Studio Comparison

All Studio server connections are initiated by Revu clients. In Bluebeam Cloud, there are no system requirements for server to client communication. All communication and transmission of files, markups, other rich data, and all authentication is encrypted through HTTPS.

To compare Studio and Bluebeam Cloud for your project management needs, visit this guide.

Firewall Requirements

See below the domains and ports used by Bluebeam Cloud, including Studio services. If you are only accessing a specific geographical environment, you only need to allowlist the domains specific for that environment, along with the required global services.

Global Services

*.amazonaws.com:443

*.gds.bluebeam.com:443

*.login.okta.com:443

*.bluebeam.com:443

US Environment

*.bluebeam.com:443

UK Environment

*.bluebeam.co.uk

*.bluebeamstudio.co.uk:443

AUS Environment

*. bluebeam.com.au.

*.bluebeamstudio.com.au:443

DE Environment

*.bluebeam.de

*.bluebeamstudio.de:443

SE Environment

*.bluebeam.se

*.bluebeamstudio.se:443

Bluebeam Email Domains

We use the following domains to communicate with end users for support, licensing, and information related to Bluebeam Cloud. These emails are sent on our behalf by amazonses.com. Allowlisting these domains may be necessary to ensure successful email transmission.

US Environment

@bluebeam.com

@bluebeamops.com

@bluebeam-support.com

UK Environment

@bluebeamstudio.co.uk

AUS Environment

@bluebeamstudio.com.au

DE Environment

@bluebeamstudio.de

SE Environment

@bluebeamstudio.se

For more information about allowlisting Bluebeam solutions, visit this article. If you need to disable access to Bluebeam solutions for users, click here.

Data + System Security

Bluebeam has a comprehensive Information Security program based on industry-standard security frameworks. For more details about our organization security controls, including vulnerability management, physical and datacenter security, network security, and encryption, please click here.

SOC 2 Compliance

The Bluebeam System and Organization Controls (SOC) Report is an independent third-party examination report that demonstrates how Bluebeam achieves key compliance controls and objectives. Bluebeam undergoes an annual SOC 2 audit performed by an external and independent third-party assessor annually to verify the implementation and effectiveness of our security controls. Our report covers the SOC 2 Trust Services Criteria of Security and Availability.

If you would like to request a copy of the report, please contact your Bluebeam representative for more information. If you do not have a Bluebeam representative, contact us for further assistance.

Resources

Bluebeam Cloud

This page provides an overview of document and system security and access control for our web and mobile app solution, Bluebeam Cloud.