Security
Last updated 15 Feb 2023
Incident Report
If a user, contractor or client of Strike becomes aware of an information security event or incident, possible incident, imminent incident, unauthorized access, policy violation, security weakness, or suspicious activity, please report it immediately by sending an email to [email protected].
Encrypting Data in Transit
We take the security of your data seriously. That's why we encrypt all external and internal requests to our servers using a secure SSL connection on port 443. You can see our SSL settings for yourself by clicking here. Protecting your data is our top priority.
Hosting and Database Storage
We understand the importance of keeping your data safe and secure. That's why we use advanced encryption technologies and access controls to protect our RDS databases from unauthorized access. We also regularly audit our databases to ensure that our security measures are always up to date. With Strike Security, you can trust that your data is in good hands.
Encrypting Data at Rest, Database
All of our databases are encrypted at rest using KMS keys to ensure secure storage and access to our data. This helps us to protect our data from any potential unauthorized access and maintain the confidentiality of our business information.
AWS Security Practices
We follow the steps of the Well-Architected Security Pillar, which provides best practices for secure architecture and data management. By using these best practices, we can ensure that our systems are always secure and compliant with industry standards. Trust Strike Security to keep your systems and data safe.
Password Policy and Storage
We take password security seriously. When an account is created or a password is updated, Strike requires a strong password that has at least 12 characters and contains at least one number, one lowercase letter, one uppercase letter, and a special character.
All user passwords are stored using the bcrypt algorithm, a salted one-way hash, with a work factor (cost) of at least 2^12. This slows brute-force attacks and protects against rainbow table attacks and encrypted password matching.
When a password change or reset is requested, an email is sent to the corresponding user so they are notified about it in case of a possible attack.
For more security, we recommend that all users enable Two-Factor Authentication in their account settings.
If a user enters an incorrect account password on multiple (5) login attempts, the account is temporarily locked to prevent brute-force attacks.
WAF
We use Cloudflare to protect our customers and their data. Cloudflare provides powerful security features, including DDoS protection, secure connections, and an extra layer of encryption for sensitive data. Plus, its Web Application Firewall helps to detect and block malicious requests, and its Web Application Security feature identifies and fixes potential security vulnerabilities. With Cloudflare, you can trust that your website and data are safe from malicious attacks and protected by the latest security technologies.
Organization
Access to application admin functionality is limited to the Strike staff who need it and is further restricted by VPN and other advanced security measures. All staff devices are required to have hard drive encryption, screen locking enabled, and our chosen antivirus installed (described in the Endpoint protection section).
Endpoint protection
Endpoint protection is a type of security software used to protect our computers and endpoints from malicious attacks. It safeguards against viruses, malware, and other threats by monitoring for suspicious behaviors and activities. Endpoint protection provides us and our customers with a layer of protection from data breaches, malicious software, and other cyber threats. It also helps us to ensure the integrity of our data and reduce our risk of data loss.
Monitoring
Every access to our platform, external and internal, is monitored, and we have integrated many tools and implemented solutions to ensure that our system is always up. If problems occur in our system, the corresponding teams are notified through our chosen tools so we can mitigate them as soon as possible.
Code Review and Static Code Analysis
Code review and static code analysis improve the quality and maintainability of a software project. Code review involves manually reviewing the source code, and static code analysis uses specialized tools to automatically analyze the code. These processes ensure that the code is readable, maintainable, and follows best practices.