Security

Stratum Lab treats security as a top priority when handling customers’ data. We strive to implement robust and flexible security processes and practices to keep your data safe. Whether a client is logging in or a visitor is starting a chat, the data exchanged is encrypted in transit and at rest. Stratum Lab implements a multi-layered approach to support its People, Process and Technology security requirements.


Stratum Lab Security Model

Login Security

Authentication is performed over HTTPS (TLS 1.2); passwords are hashed before being stored, and the database holding them is encrypted.

Infrastructure Security

Stratum Lab’s network, infrastructure and architecture have multiple protection layers that provide security and control, including:

Access Control

All customer data is treated as highly sensitive, and access to it follows the principle of least privilege. All servers within our network sit behind Access Control Lists (ACLs) that stop unauthorised requests from reaching the internal network.

Strict firewall rules restrict access to exposed ports, so that access to the production environment is limited and controlled.

Development, Patch and Configuration Management
All changes to the production system, whether code or system configuration, are peer reviewed before deployment to the production environment. Patches are prioritised according to their security and stability impact, and critical patches can be deployed well within 24 hours of becoming available.

Network Security

Stratum Lab uses firewall services to monitor and alert on abnormal behaviour and on system configuration changes.

All communication with the outside world passes through access-list enabled routers. Only HTTPS is allowed into or out of Stratum Lab’s service network.

Logical security

Stratum Lab enforces strict privacy controls to prevent one customer from accessing another customer’s data. Customer data is logically protected and segregated so that only authorised entities are able to access it, and access control mechanisms have been implemented to support this goal.

Web Application Security

The main service that Stratum Lab protects is transactional data upload, processing and storage. All visitors ‘tagged’ with the Stratum Lab tracking code are monitored. Data transferred to and from the web applications passes through a web application firewall. Sessions are fully encrypted with 256-bit encryption.

Data and Encryption Policies
Data Collection

As an Application Service Provider, unless configured otherwise, Stratum Lab collects information such as filtering selections and browsing-related information on behalf of the brand.

Automatically collected information includes web browser and usage information, IP address, operating system, browser type, page view counts, page browsing information and the type of device used.

Personal information such as name and contact details, survey responses, and transcripts of interactions with Stratum Lab is collected when you visit our website and use our apps.

Encryption In-transit

Stratum Lab’s end-to-end encryption ensures that only users with access can read what is sent, and nobody in between, not even Stratum Lab. Transaction data is secured with a lock, and only the owners of that data hold the key needed to unlock and access it.

The cryptographic keys used to encrypt and decrypt transactional data are stored exclusively on the endpoints.

Encryption At-rest (Data within Stratum Lab)

Stratum Lab uses the Secure Hash Algorithm family (SHA-2) for all stored password entries.
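The Login Security section and the SHA-2 statement above both say that passwords are hashed, but not how the hash is applied. The block below is an added example, not Stratum Lab’s code, of the form a practitioner would expect: SHA-256 used inside PBKDF2 with a random per-user salt, a high iteration count, a self-describing stored record and a constant-time comparison, alongside the bare SHA-256 that should not be used on its own. The record format, function names and iteration count are assumptions of the example.

```python
"""Salted, iterated password hashing built on SHA-256 (PBKDF2-HMAC-SHA256).

Added example, not Stratum Lab's code. The record format
(algorithm$iterations$salt$digest) and the iteration count are assumptions.
"""
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # OWASP (2023) guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def naive_sha256(password: str) -> str:
    """A bare SHA-256 of the password: deterministic and unsalted, so two
    users with the same password get the same hash and precomputed tables
    apply. Included only to contrast with hash_password()."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Derive a salted, iterated digest and return a self-describing record.

    A fresh random salt is drawn per call unless one is supplied (only
    useful for tests), so identical passwords yield different records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation from the record's own parameters and compare
    in constant time. Malformed or unrecognised records never verify."""
    try:
        algorithm, iterations_str, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored record is weaker than current policy, so the
    password can be re-hashed transparently at the next successful login."""
    try:
        algorithm, iterations_str, _salt, _digest = record.split("$")
        return algorithm != ALGORITHM or int(iterations_str) < min_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("wrong password", record))                 # False
```

The point of the contrast: naive_sha256 gives the same output for the same input everywhere, so a leaked table can be matched against precomputed hashes and duplicate passwords are visible across accounts, whereas the salted, deliberately slow derivation gives each account a unique record and makes each guess cost the full iteration count. Storing the iteration count in the record lets it be raised later without a migration, which is what needs_rehash is for.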

Stratum Lab stores customers’ sensitive data, such as names, email addresses, business details and transactional data, in an MSSQL database.

MSSQL provides data-at-rest encryption (Transparent Data Encryption) by encrypting the physical files of the database. Data is encrypted automatically, in real time, before it is written to storage and decrypted when it is read back. As a result, an attacker who obtains the data files, log files, database backups or underlying disks cannot read the sensitive data without the encryption key. This protects the storage layer only: data is decrypted transparently for any authenticated database session, so at-rest encryption complements, rather than replaces, the access controls described above.

Encryption Keys

Stratum Lab has adopted a centralised key management solution, Azure Key Vault, which enforces a clear separation between keys and the data they encrypt. The encryption, key management and decryption process is inspected and verified internally by Stratum Lab.

The key management service is compliant with current standards such as NIST guidance and FIPS 140-2.

Datacenter


Secure and trusted service providers

Stratum Lab’s services are hosted in data centres operated by Microsoft Azure. Stratum Lab selected this vendor based on its proven track record in hosting services for high-capacity businesses. Our vendor adheres to the highest industry standards of quality, security and reliability, and this commitment enables Stratum Lab to deliver service 24 hours a day, 365 days a year to our customers.

Security

Microsoft Azure meets a broad set of international, regional and industry-specific compliance standards, such as ISO 27001/27002:2013, FedRAMP, SOC 1 and SOC 2, CSA, FIPS 140-2, HIPAA, ISO/IEC 27018, PCI-DSS and UK G-Cloud.

Business Continuity and Data Backup

Microsoft Azure lets customers balance the need to store backups at multiple locations in case of a disaster against the need to keep their data out of certain geographies. Microsoft provides clear data maps and geographic boundary information for all of its data centres.

Physical and Environmental Security

Microsoft Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages.

These data centres comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.

Security Awareness and Confidentiality

Security awareness and customer data access policies are covered during employee onboarding as appropriate to the role, and employees are updated as relevant policies or practices change. Employees also sign a Confidential Information and Intellectual Property Agreement.

In the event that a security policy is breached by an employee, Stratum Lab reserves the right to determine the appropriate response, which may include termination.

Incidents and Response

Stratum Lab has implemented a formal procedure for handling security events and has made staff aware of the related policies.

When a security event is detected it is escalated to the responsible response team; the target response time to address the event is 2 hours. Where a breach involves personal data, we notify the supervisory authority within 72 hours of becoming aware of it.

Regulatory Compliance

Stratum Lab has adopted industry best security practices to meet regulatory and security compliance requirements.