
Stratawise recognizes that a consumer's choice of SaaS services, such as those Stratawise offers, can hinge on both the statements a vendor makes about security and its track record of actually protecting customers' data and the availability of its own services. As such, the confidentiality, integrity, availability, and authenticity of your organization’s data are very important to you, the customer, and to us.

This article summarizes the approach Stratawise uses to protect data and availability with a focus on the areas we often receive questions on from prospects or customers. We follow many more detailed practices not covered here.

In summary, we protect:

  • Confidentiality - by practicing privacy by design, we work to limit where and when a user's private data is used. Every effort is made to minimize the scope of private data, both in terms of data flow and time period. Beyond that, customers’ confidential business data is treated similarly: kept only as long as needed, in limited locations (e.g. primary data store and backup).

  • Integrity - techniques are used to ensure that data is not altered when in motion between a source and destination.

  • Availability - it is your data, and it should be accessible at all times. Considerable effort goes into ensuring systems are resilient to potential availability threats, such as denial of service or a bad actor deleting information or shutting down systems.

  • Authenticity - by ensuring users are authenticated and authorized, we ensure only users that should input, update, or delete data are allowed to. Beyond that, we maintain audit logs for every update made to data or configurations, enabling you to confirm who changed what, when, and from which IP address.

Notes on encryption techniques used:

  • Standard, public algorithms are used for encryption.

  • Where involved, certificates and associated private keys are carefully managed according to best practices. The keys are kept private leveraging Azure’s Vault.

  • Encryption in motion often involves asymmetric key exchange; where this provides optimal security, it is utilized.

  • In Motion: All data is encrypted in motion within Stratawise using TLS 1.2.

  • At Rest: All data is encrypted at rest using Azure’s Transparent Data Encryption (TDE). TDE uses the AES256 algorithm. With TDE, real-time encryption and decryption of the database, associated backups, and transaction logs is handled automatically.

Login Authentication:

  • All accounts required to access the infrastructure have two-factor authentication enabled.

  • All secrets required to further access resources within Azure are protected using Azure’s Vault to ensure no passwords or keys are stored as plain text.

  • The principle of least privilege is used to ensure users have minimal permissions, and additional permissions are granted only as required to do the current operation assigned to them.

  • As users change job duties or leave the company, access control processes are followed to ensure access is removed promptly.

  • Optionally, your organization's identity access mechanism can be used to authenticate through SAML to provide Single Sign-On (SSO). In this way, users do not have to maintain a separate password for logging into Stratawise.

If you have questions on security this article does not address, please ask your Stratawise account manager or email support (support@stratawise.com).
