Overview of Security Measures (alpha release)
1. General measures to warrant integrity of systems and employees/representatives
a. Stream Machine is built on Google Cloud Platform, one of the best-secured cloud platforms available, and follows GCP's (public) security standards. If deployed in your (public or private) cloud, we run only a meta control plane inside our own clusters; no customer information comes our way whatsoever.
b. As of 1/1/2021, all directors, employees and subcontractors of Stream Machine are obliged to obtain and present a Certificate of Conduct (Verklaring Omtrent Gedrag) no older than 6 months when entering into a (labor) agreement with Stream Machine. This is a general requirement, not limited to employees with exposure to production systems.
c. All core (customer) data services run in European data centers, and we strongly prefer European DCs, where available, for peripheral or workflow services (such as internal communications, development workflow or project management systems).
2. Measures to warrant only authorized access to data and systems
a. Two-factor authentication is enforced for any human access to data and software systems.
b. Access to systems and data (specific services, systems or data sources) is granted according to the Least Privilege (system) and Need to Know (data) principles.
3. Measures to prevent accidental or unintended editing, erasure, or unauthorized access, storage or publication, at rest or in transit
a. Data access is managed via identity profiles (IAM), based on Need to Know principles.
b. Core services are backed up continuously; databases are built to high-availability and strong-replication requirements. The core data (streaming) infrastructure retains data for 7 days (regardless of message consumption) and replicates it at least twice. This is intended as a failover period; Stream Machine has no interest in retaining customer data.
c. Data passing through and generated by peripheral services (which mainly carry out orchestration tasks) is replicated daily.
d. The container-based architecture provides high fault tolerance by design.
e. Transport Layer Security and account (credential) level access control limit unauthorized external access.
f. On request, firewall whitelisting and/or VPC peering adds an additional security layer to data exchange/transport.
4. Standards in encryption and de-identification of personal data
This is what we consider our core business.
a. By default, all data is encrypted according to the highest standard to date for (personal) data encryption (AES256-SIV). If stronger methods become available that let us raise security and privacy levels without sacrificing latency, we will upgrade.
b. Encryption keys rotate every 24 hours, so that any patterns in already-pseudonymised data streams are broken and cannot lead to secondary identification. We are constantly evaluating data processing algorithms to achieve stronger anonymization and plan to release a wider suite of privacy levels for customers to choose from.
c. Access to encryption keys of production data, solely for operational purposes, is based on the Least Privilege and Need to Know principles. Where necessary for operational and support purposes, access to the data in any customer privacy stream requires explicit, written (customer) consent.
d. It is at the customer's discretion to decide (a) whether streams are (partially) decrypted by Stream Machine (as part of the privacy streams we supply; this requires explicit customer instruction/action through our tooling) or (b) where decryption takes place (e.g. customer infrastructure or a public cloud). Stream Machine can deliver the tools needed to decrypt only on the customer's end, as an additional level of privacy safety.
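The following is an added illustration, not Stream Machine's code, of the property behind the 24-hour key rotation described above: a deterministic pseudonym stays stable within one key period (so records can still be joined) and becomes unlinkable once the key rotates. The page names AES256-SIV; this stand-in uses HMAC-SHA256 from the Python standard library instead, which has the same determinism-plus-rotation property and runs offline, and the master key and sample identifiers are constructed for the demo.

```python
# Added illustration, not Stream Machine's code. Deterministic pseudonymisation
# under a per-period key: equal inputs give equal tokens within a period, and
# different tokens after the key rotates. HMAC-SHA256 stands in for AES256-SIV.
import datetime
import hashlib
import hmac
import struct

ROTATION_SECONDS = 24 * 60 * 60   # page: keys rotate every 24 hours

# Constructed master key for the demo; a real deployment keeps this in a KMS.
MASTER_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c" * 2)


def epoch_index(ts: datetime.datetime) -> int:
    """Whole rotation periods elapsed since the Unix epoch (ts must be tz-aware)."""
    return int(ts.timestamp()) // ROTATION_SECONDS


def period_key(master: bytes, epoch: int) -> bytes:
    """Derive the key for one rotation period from the master key (HMAC-based KDF)."""
    info = b"stream-period-key" + struct.pack(">Q", epoch)
    return hmac.new(master, info, hashlib.sha256).digest()


def pseudonymise(value: str, ts: datetime.datetime, master: bytes = MASTER_KEY) -> str:
    """Deterministic pseudonym for `value` under the key of the period containing `ts`."""
    key = period_key(master, epoch_index(ts))
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def linkable(value: str, ts_a: datetime.datetime, ts_b: datetime.datetime,
             master: bytes = MASTER_KEY) -> bool:
    """True if the same input yields the same pseudonym at both timestamps."""
    return pseudonymise(value, ts_a, master) == pseudonymise(value, ts_b, master)


# Constructed sample timestamps (UTC): two within one period, one after rotation.
UTC = datetime.timezone.utc
MORNING = datetime.datetime(2021, 1, 1, 8, tzinfo=UTC)
EVENING = datetime.datetime(2021, 1, 1, 20, tzinfo=UTC)
NEXT_DAY = datetime.datetime(2021, 1, 2, 8, tzinfo=UTC)

if __name__ == "__main__":
    uid = "user-42@example.com"   # constructed sample identifier
    print("same period:    ", linkable(uid, MORNING, EVENING))    # True
    print("after rotation: ", linkable(uid, MORNING, NEXT_DAY))   # False
```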
5. Measures to permanently warrant availability, integrity and confidentiality
a. Stream Machine is architected and built to the latest engineering standards and is fault-tolerant by design.
b. Continuous monitoring, metrics, (access) logging and alerting are in place to detect and respond to incidents.
6. Measures to restore availability and access to (personal) data in case of incidents
a. Databases and clusters are configured for high availability and strong replication.
b. Core customer data (your user data) is retained for 7 days at most and replicated.
(See also article 3b of this overview.)
7. Measures to prevent unauthorized access and identify potential risk areas in relation to processing of personal data
a. We start from a strong security design, built around the latest SecOps standards.
b. Dependencies and libraries are scanned and kept up to date with the latest (security) releases.
c. Authentication is done via OAuth 2.0 and JWTs (depending on the service).
d. We enforce 2FA for any human access.
e. All networking is secured with Transport Layer Security, mutually (mTLS) for service-to-service traffic within Stream Machine infrastructure.
f. Containers run as non-root to ensure isolation, and Role-Based Access Control is in place for container orchestration.
g. Any machine-to-machine communication runs according to Least Privilege principles.
h. We actively scan and test our infrastructure for potential breach areas.