Privacy Page
Strum Platform Security Overview
This page was last updated on Jan 1st, 2026
Strum Platform is designed to make data accessible withoutcompromising security. The platform is built on a hardened cloud infrastructurewith strong tenant isolation, role-based access controls, and continuousmonitoring aligned with SOC 2 security principles.
This document provides a high-level overview of the Strum security framework,followed by detailed descriptions of the technical controls used to protectcustomer and company data.
STRUM Platform Security at a Glance
S — Secure Infrastructure
· Hardened, cloud-hosted infrastructure with logical separation of application and database layers
· Web application firewall, DDoS protection, andautomated bot mitigation at the network edge
· Encryption enforced for all public and internal service communications
T — Tenant & Data Protection
· Isolated database instances per customer toenforce tenant segregation
· Encryption of data at rest and in transit
· Network segmentation between application, administrative, and data environments
R — Role-Based Access
· Granular permission model: Administrator,Read-Write, and Read-Only
· Least-privilege access enforced by default
· Group-based access controls to restrict access by team or data domain
U — User Identity & Access Management
· Centralized identity and access management controls
· Support for single sign-on (SSO) and multi-factor authentication (MFA)
· Secure handling of authentication and session data
M — Monitoring & Maintenance
· Centralized monitoring, logging, and alerting across the platform
· Endpoint detection and response deployed on all servers
· Regular patching, vulnerability assessments, and disaster recovery testing
Detailed Security Controls
S — Secure Infrastructure
Strum Platform operates within a dedicated, high-availability cloud environment. Application and database components arelogically separated, and backend systems are never directly exposed to the public internet.
All inbound public traffic is routed through a security edge network providing web application firewall controls, automated bot mitigation, DDoS protection, and credential abuse monitoring. All servers reside behind hardened network firewalls with inbound and outbound traffic restricted to required services only.
Prior to production deployment, servers undergo standardization and hardening, including security baseline enforcement, configuration review, and regular patching. Endpoint detection and response controls provide continuous threat monitoring and rapid containment.
T — Tenant & Data Protection
Customer data is stored in isolated database instances to ensure strict tenant segregation. All databases use encryption at rest, and communication between application services and databases is encrypted using modern TLS protocols.
Access to database services is restricted to authorized application components only. Network rules enforce approved communication paths, and the database infrastructure is designed for redundancy, fault tolerance, and disaster recovery.
R — Role-Based Access
Access to Strum Platform is governed by a clearly defined role-based permission model. Users are assigned one of three permission levels: Administrator, Read-Write, or Read-Only. Permissions are enforced at the asset and dataset level.
Employee groups allow organizations to further restrict access by team, function, or data domain, supporting least-privilege access while maintaining operational flexibility.
U — User Identity & Access Management
User authentication is governed through centralized identity and access management controls. Organizations can enforce consistent security policies, including support for single sign-on and multi-factor authentication where applicable.
Authentication, authorization, and session information is encrypted in transit to protect against interception or misuse.
M — Monitoring & Maintenance
Strum Platform uses centralized monitoring, logging, and alerting to identify anomalies, performance issues, and potential security concerns across the environment. Regular security reviews, vulnerability assessments, and patching cycles are performed to maintain alignment with industry standards and evolving threats.
Backups are encrypted and maintained according to defined retention and recovery standards. A dedicated disaster recovery environment maintains near-real-time data replication, with automated failover designed to restore service availability within approximately one minute in the event of a disruption. Once primary services are restored, traffic automatically returns to the production environment.
If your organization requires additional technical detail or a security walkthrough, please contact support@strumplatform.com.
