Stratawise recognizes that a consumer's decision to use SaaS services, such as those Stratawise offers, can hinge on both the statements a vendor makes about security and its track record of actually protecting a customer’s data and the availability of its own services. As such, the confidentiality, integrity, availability, and authenticity of your organization’s data are very important to you, the customer, and to us. This article summarizes the approach Stratawise uses to protect data and availability, with a focus on frequently asked questions from prospective clients and current customers. We follow many more detailed practices not covered here.

In summary, we protect:

  • Confidentiality - by practicing privacy by design, we work to limit where and when a user's private data is used. Every effort is made to minimize the scope of private data, in terms of both data flow and time period. Beyond that, customers’ confidential business data is treated similarly: kept only as long as needed, in limited locations (e.g. primary data store and backup).

  • Integrity - techniques are used to ensure that data is not altered when in motion between a source and destination.

  • Availability - it is your data, and it should be accessible at all times. Considerable effort goes into ensuring systems are resilient to potential availability threats, such as denial of service or a bad actor deleting information or shutting down systems.

  • Authenticity - by ensuring users are authenticated and authorized, we ensure only users who should input, update, or delete data are allowed to. Beyond that, we maintain audit logs for every update made to data or configurations, enabling you to confirm who changed what, when, and from which IP address.

...

Encryption:

  • Standard, public algorithms are used for encryption.

  • Certificates and associated private keys are carefully managed according to best practices. The keys are kept private utilizing Azure’s Vault.

  • Encryption in motion often utilizes asymmetric key exchange to provide optimal security.

  • In Motion: All data is encrypted in motion within Stratawise using TLS 1.2.

...

  • All accounts required to access Azure have two-factor authentication enabled.

  • All credentials required to further access resources within Azure are protected using Azure’s Vault to ensure no passwords or keys are stored as plain text.

  • The principle of least privilege is used to ensure users have minimal permissions and are only granted what is required to run or access the current operation assigned to them.

  • As users change job duties or leave the company, access control processes are followed to ensure access is removed promptly.

  • Optionally, your organization's identity access mechanism can be used to authenticate through SAML to provide Single Sign-On (SSO). In this way, users do not have to maintain a separate password for logging into Stratawise.

If you have questions regarding security that this article does not address, please contact your Stratawise account manager or email support (support@stratawise.com).

...