Data Protection
Last modified on July 21, 2023
Device and User Identity
When users install the client locally, StrongDM generates and records a forgery-resistant fingerprint of the device. Each client and proxy instance has a unique cryptographic identity, distributed via the StrongDM API. Any attempt to access the session from another device will terminate all connections and force re-authentication.
Protection of Data in Transit
Encrypted connections to the Admin UI
The Admin UI supports TLS 1.2 and TLS 1.3 connections. All traffic to app.strongdm.com that is not secured by a supported protocol is rejected. Typically this is only a possibility when a very old, unsupported browser version is being used.
Encrypted connections between clients and nodes
Once a user authenticates and initiates a valid session using the client, a mutually verified TLS 1.2 connection is established between the client and one or several gateways to ensure the confidentiality and integrity of the connection.
In addition, the gateway or relay that is interacting directly with the resource uses the resource’s native encryption method, such as TLS/SSL.
All traffic between the client and the destination is multiplexed via the encrypted connection regardless of the encryption status or capabilities of the underlying protocol.
API security
All StrongDM API traffic conforms to modern practices for preventing request interception, modification, or replay. Each call is signed using device and session keys unique to the caller’s installation and most recent authentication.
Protection of Data at Rest
StrongDM operates primarily in Amazon Web Services (AWS), and we use a number of AWS native encryption methods for protecting data at rest within the configured services.
Access to Customer Data
We use strict role-based access controls to ensure that only a limited and authorized number of people have the ability to access customer data.
Strict environmental segmentation and StrongDM’s Data Protection Policies prohibit customer data from ever being used in development, testing, or QA environments.
Minimization of Collected Data
The customer data collected by StrongDM represents the amount of data necessary to develop, support, and improve the software.
Collection of Personally Identifiable Information
StrongDM only collects Personally Identifiable Information that is strictly necessary to deliver Platform capabilities to our Customers.
Data Element | Usage |
---|---|
First and Last Name | User Identification |
Business Email Address | User Identification |
IP Address | Audit Logging |