Stratawise recognizes that a consumer's use of SaaS services, such as those Stratawise offers, can hinge on both the statements a vendor makes about security and their track record of actually protecting a customer’s data and the availability of their own services. As such, the confidentiality, integrity, availability, and authenticity of your organization’s data are very important to you, the customer, and to us.

This article summarizes the approach Stratawise uses to protect data and availability at rest and in motion:

  • Confidentiality - by practicing privacy by default, we work to limit where and when a user's private data is used. Every effort is made to minimize the scope of private data, both in terms of data flow and time period. Beyond that, customers’ confidential business data is treated similarly: kept only as long as needed, in limited locations (e.g. primary data store and backup).

  • Integrity - techniques are used to ensure that data is not altered when in motion between a source and destination.

  • Encryption - data is encrypted at rest and while in transit to ensure that data’s confidentiality is maintained.

Encryption Specifics:

Notes on encryption techniques used:

  • Standard, public algorithms are used for encryption.

  • Where involved, certificates and associated private keys are carefully managed according to best practices. The keys are kept private by leveraging Azure’s credentials cache.

  • Encryption in motion often involves asymmetric key exchange; where this provides optimal security, it is utilized.

  • In Motion: All data in motion within Stratawise is encrypted using TLS 1.2.

  • At Rest: All data is encrypted at rest using Azure’s Transparent Data Encryption (TDE). With TDE, real-time encryption and decryption of the database, associated backups, and transaction logs are automatically handled by default.

Login Authentication:

  • All accounts required to access the infrastructure have two-factor authentication enabled.

  • All secrets required to further access resources within Azure are protected using Azure’s credential cache to ensure no passwords or keys are stored as plain text.

  • The principle of least privilege is used to ensure users have minimal permissions, and additional permissions are granted only as required for the operation currently assigned to them.

  • As users change job duties or leave the company, access control processes are followed to ensure access is removed promptly.

If you have questions on security this article does not address, please ask your account manager or email support (support@stratawise.com).