The StrateGene platform has been built by professional firms who are experts in security. To further ensure your data is secure, a professional security assessment was performed along with penetration testing. Both have been performed on the StrateGene® application and hosting environment. Penetration testing is defined as ‘the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.’
StrateGene is built on an enterprise platform that utilizes the following industry-standard security measures to protect your data:
- Data in Transit: SSL certificates ensure that data in transit is secure. Access to the StrateGene® database is only available via the secured StrateGene® application. All backend Application Programming Interfaces (APIs) are HTTPS based, so the SSL certificates encrypt the traffic between the web layer and the app layer.
- Data at Rest: The StrateGene® database itself is encrypted, as are any database snapshots. Data that is encrypted at rest includes the underlying storage for database instances, its automated backups, Read Replicas, and snapshots. Once data is encrypted at rest, the StrateGene® application authenticates access, and decryption of the data happens transparently.
- Administrative Access: The StrateGene® application and supporting systems have users with Administrative Access. Access is granted on a need-to-know basis only.
- Secure Database Access: Access to the StrateGene® database is enabled only for the application tier. The Database credentials are used only by the application layer.
- Application Authentication and Authorization: The user management system uses an industry-standard authentication and authorization system that relies on generated access tokens, which are highly secure. These tokens also handle session expiration and session validation.
- Application Access to Database: Each user is granted a unique identifier and a unique application Universally Unique Identifier (UUID), which is a database-generated hexadecimal string. Data access is determined by the user account connected to the UUID. All database tables are logically partitioned by these UUIDs, which ensures users can access only the data that belongs to them. Account usernames are not used as unique identifiers to access data.
- User Raw Data and Report Security: When a user is created in the StrateGene® system, the application creates a private data store for that user, protected by a unique identifier. The private data store is accessible only by that user.
- Logging and Monitoring: There is extensive application logging inside the StrateGene® application code and each user operation is audited.
- Third Party Access: The StrateGene® application allows third-party access to specified data locations for the purpose of exchanging data using Application Programming Interfaces (APIs). The StrateGene® security system uses OAuth2 authentication in these instances. Specific security roles have been assigned to these third parties, and the APIs are protected using these roles.
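The three access-control practices described above (expiring access tokens, per-user UUID partitioning of data tables, and role-gated third-party API access) fit together in a small model. The following is an added illustration written for this page, not StrateGene's own code: the table names, the role names `user` and `partner_read`, the one-hour token lifetime and the helper functions are all assumptions, and the sample users and reports are constructed. The security point it shows is that the partition key for every query comes from the server-side session record behind a validated token, never from anything the caller supplies, and that a third-party token is additionally checked for its role and confined to the data location it was granted.

```python
"""Expiring tokens, UUID-partitioned data and role-gated partner reads (example, not StrateGene code)."""
import secrets
import sqlite3
import uuid
from datetime import datetime, timedelta, timezone

SESSION_TTL = timedelta(hours=1)   # assumed access-token lifetime
ROLE_USER = "user"                 # assumed role names
ROLE_PARTNER_READ = "partner_read"


def build_db() -> sqlite3.Connection:
    """In-memory database; every data table carries an owner_uuid column it is partitioned by."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users    (username TEXT PRIMARY KEY, owner_uuid TEXT UNIQUE NOT NULL);
        CREATE TABLE reports  (id INTEGER PRIMARY KEY, owner_uuid TEXT NOT NULL,
                               location TEXT NOT NULL, body TEXT NOT NULL);
        CREATE TABLE sessions (token TEXT PRIMARY KEY, owner_uuid TEXT NOT NULL,
                               role TEXT NOT NULL, expires_at TEXT NOT NULL);
    """)
    return db


def create_user(db: sqlite3.Connection, username: str) -> str:
    """Assign a generated hex UUID at creation; the username is never used as the data key."""
    owner_uuid = uuid.uuid4().hex
    db.execute("INSERT INTO users VALUES (?, ?)", (username, owner_uuid))
    return owner_uuid


def store_report(db: sqlite3.Connection, owner_uuid: str, location: str, body: str) -> None:
    """Write a record into the owner's partition of the reports table."""
    db.execute("INSERT INTO reports (owner_uuid, location, body) VALUES (?, ?, ?)",
               (owner_uuid, location, body))


def issue_token(db: sqlite3.Connection, owner_uuid: str, role: str, now: datetime) -> str:
    """Random opaque token, bound server-side to a UUID, a role and an expiry time."""
    token = secrets.token_urlsafe(32)
    expires = (now + SESSION_TTL).isoformat()
    db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)", (token, owner_uuid, role, expires))
    return token


def resolve_session(db: sqlite3.Connection, token: str, now: datetime):
    """Return (owner_uuid, role) for a live token, or None if it is unknown or expired."""
    row = db.execute("SELECT owner_uuid, role, expires_at FROM sessions WHERE token = ?",
                     (token,)).fetchone()
    if row is None:
        return None
    owner_uuid, role, expires_at = row
    if datetime.fromisoformat(expires_at) <= now:
        db.execute("DELETE FROM sessions WHERE token = ?", (token,))  # drop the stale session
        return None
    return owner_uuid, role


def fetch_reports(db: sqlite3.Connection, token: str, now: datetime) -> list:
    """User-facing read: the partition key is taken from the validated session, not from the request."""
    session = resolve_session(db, token, now)
    if session is None:
        raise PermissionError("invalid or expired token")
    owner_uuid, _role = session
    rows = db.execute("SELECT body FROM reports WHERE owner_uuid = ? ORDER BY id",
                      (owner_uuid,)).fetchall()
    return [body for (body,) in rows]


def partner_fetch(db: sqlite3.Connection, token: str, location: str, now: datetime) -> list:
    """Third-party read: also requires the partner role and is limited to one granted data location."""
    session = resolve_session(db, token, now)
    if session is None:
        raise PermissionError("invalid or expired token")
    owner_uuid, role = session
    if role != ROLE_PARTNER_READ:
        raise PermissionError("role %r may not use the partner API" % role)
    rows = db.execute("SELECT body FROM reports WHERE owner_uuid = ? AND location = ? ORDER BY id",
                      (owner_uuid, location)).fetchall()
    return [body for (body,) in rows]


def demo() -> dict:
    """Constructed walk-through: two users, a user token, a partner token and an expiry."""
    db = build_db()
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    alice = create_user(db, "alice")
    bob = create_user(db, "bob")
    store_report(db, alice, "reports", "alice report 1")
    store_report(db, alice, "raw", "alice raw data")
    store_report(db, bob, "reports", "bob report 1")
    t_alice = issue_token(db, alice, ROLE_USER, now)
    t_partner = issue_token(db, alice, ROLE_PARTNER_READ, now)
    result = {"alice_sees": fetch_reports(db, t_alice, now),          # bob's row never appears
              "partner_sees": partner_fetch(db, t_partner, "reports", now)}  # "raw" location excluded
    try:
        partner_fetch(db, t_alice, "reports", now)                   # plain user role is refused
        result["user_role_blocked"] = False
    except PermissionError:
        result["user_role_blocked"] = True
    try:
        fetch_reports(db, t_alice, now + SESSION_TTL + timedelta(minutes=1))  # past expiry
        result["expired_rejected"] = False
    except PermissionError:
        result["expired_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows Alice receiving only her own two records, the partner token receiving only the `reports` location, a user-role token being refused by the partner API, and the same user token being rejected once its lifetime has passed. The design choice worth copying is that `fetch_reports` and `partner_fetch` have no parameter through which a caller could name a UUID; the partition key exists only in the `sessions` table.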