Data Protection

Last modified on July 21, 2023

Device and User Identity

When users install the client locally, StrongDM generates and records a forgery-resistant fingerprint of the device. Each client and proxy instance have unique cryptographic identities, as distributed via the StrongDM API. Any attempt to access the session from another device will terminate all connections and force re-authentication.

Protection of Data in Transit

Encrypted connections to the Admin UI

The Admin UI supports TLS 1.2 and TLS 1.3 connections. All traffic to that is not secured by a supported protocol is rejected. Typically this is only a possibility when a very old, unsupported browser version is being used.

Encrypted connections between clients and nodes

Once a user authenticates and initiates a valid session using the client, a mutually verified TLS 1.2 connection is established between the client and one or several gateways to ensure the confidentiality and integrity of the connection.

In addition, the gateway or relay that is interacting directly with the resource uses the resource’s native encryption method, such as TLS/SSL.

All traffic between the client and the destination is multiplexed via the encrypted connection regardless of the encryption status or capabilities of the underlying protocol.

API security

All StrongDM API traffic conforms to modern practices for preventing request interception, modification, or replay. Each call is signed using device and session keys unique to the caller’s installation and most recent authentication.

Protection of Data at Rest

StrongDM operates primarily in Amazon Web Services (AWS), and we use a number of AWS native encryption methods for protecting data at rest within the configured services.

Access to Customer Data

We use strict role-based access controls to ensure that only a limited and authorized number of people have the ability to access customer data.

Strict environmental segmentation and StrongDM’s Data Protection Policies prohibit customer data from ever being used in development, testing, or QA environments.

Minimization of Collected Data

The customer data collected by StrongDM represents the amount of data necessary to develop, support, and improve the software.

Collection of Personally Identifiable Information

StrongDM only collects Personally Identifiable Information that is strictly necessary to deliver Platform capabilities to our Customers.

Data ElementUsage
First and Last NameUser Identification
Business Email AddressUser Identification
IP AddressAudit Logging