Data Security: How Cat Media Protects Your Data
At Cat Media, we understand that data is one of your most valuable assets. That's why we take security seriously for the data we manage internally and for our clients. As a HubSpot Solution partner and a Microsoft Cloud partner, we leverage the best technology and practices to ensure that your data is safe, secure, and compliant.
Here are some of the measures we take to protect your data:
At Cat Media, we implement a robust security model called Zero Trust to safeguard our digital infrastructure and sensitive information. The Zero Trust approach is based on the principle of "Never trust, always check", which means that we continuously validate and verify the authenticity of every user, device, and connection, regardless of their location or access privileges. This methodology enables us to minimize potential risks and provide enhanced security across our entire network.
To achieve the highest level of protection in line with the Zero Trust model, we utilize an array of cutting-edge tools and services. These include Azure Active Directory, which serves as the backbone of our identity and access management, ensuring secure authentication and authorization for all users. Single Sign-On (SSO) streamlines access to multiple applications with just one set of credentials, simplifying the user experience while bolstering security.
Additionally, Conditional Access allows us to enforce context-aware policies, granting or denying access based on factors such as user location, device health, and risk levels. We also incorporate Cloudflare Zero Trust to protect our web applications from external threats and secure our Internet traffic. Hardware Encryption is another key component in our security stack, as it safeguards data stored on our devices, preventing unauthorized access even if the hardware is compromised.
Segment
We segment our team and assign roles and permissions based on the principle of least privilege. This means that each member and team only has access to the data they need to perform their tasks, and nothing more. This reduces the risk of unauthorized access or misuse of data.
Azure Active Directory
We use Azure Active Directory with Conditional Access to manage our identity and access management. Azure AD is a cloud-based service that provides single sign-on (SSO), multi-factor authentication (MFA), passwordless authentication, conditional access policies, identity protection, and more. Conditional Access allows us to enforce granular rules based on user, device, location, app, or risk level to grant or deny access to resources.
MFA
We use Multi-Factor Authentication by default. MFA combines something the user knows, such as a password or PIN, with something they have, like a physical token or smartphone app, and something they are, such as a biometric identifier like a fingerprint or facial recognition. This layered approach to security makes it significantly more difficult for cybercriminals to gain access to sensitive information.
Centralise
We centralise all our assets in our SharePoint, a cloud-based platform that allows us to store, share, and collaborate on documents securely. SharePoint has built-in features such as version control, encryption, auditing, backup, and recovery that help us safeguard our data. Our data is mirrored up to three times to significantly reduce the possibility of losing data if something goes wrong.
Always up to date
We always keep our Windows, Mac and iOS devices up to date to avoid security vulnerabilities. We only run on supported versions of the software we use and decommission devices when they are at their end of support. The centralised Active Directory allows us to audit device compliance.
BitLocker
We also use Trusted Platform Module (TPM), Secure Boot, and Windows Hello to protect our data. TPM provides hardware-based security features such as storing encryption keys, digital certificates, and passwords. Secure Boot ensures that the firmware and operating system boot loader are signed and verified by a trusted authority before they are executed. Windows Hello is a feature that provides passwordless authentication using biometrics, such as facial recognition or a fingerprint, or a PIN.
We also encrypt all our Windows-based workstations and servers using BitLocker encryption, which prevents unauthorized access to our data if a device is lost or stolen. BitLocker encrypts the device's entire drive so that only authorized users can unlock it with a password or a recovery key centralized in our Azure AD. Devices are wiped after a number of unsuccessful login attempts to prevent brute forcing.
Secure Enclave
We use Apple devices with Secure Enclave for our top-tier workstations and mobile devices. The Secure Enclave is a system on chip (SoC) that is included on all recent Apple Silicon-powered devices as well as those with the Apple T2 Security Chip. It provides the foundation for the secure generation and storage of the keys necessary for encrypting data at rest and protects and evaluates biometric data for Face ID and Touch ID.
By using these machines with Secure Enclave technology built-in, we ensure that our data is protected by hardware security features designed to keep our software and information safe. This includes a Boot ROM that forms a hardware root of trust for secure boot and an AES engine that performs fast inline encryption and decryption as files are written or read.
Encrypt
We encrypt all our data in transit and at rest using industry-standard protocols such as SSL/TLS and AES. This means that your data is protected from eavesdropping or tampering while it travels over the internet or while it is stored on our servers.
Zero Trust
In addition to Conditional Access, we use Argo Tunnels with Cloudflare Zero Trust, a solution that secures every connection without relying on VPNs or firewalls. Cloudflare Zero Trust verifies every request using multiple factors such as identity, device posture, geolocation, and time of day before granting access to applications or data.
By implementing these measures, we ensure that your data is always protected from unauthorized access or compromise. We also comply with relevant regulations such as GDPR and follow other industry best practices such as ISO 27001.
At Cat Media, we are committed to delivering high-quality solutions for your marketing, sales, web design, CRM, data, integrations, and technical implementation needs. We are proud to be a HubSpot Solution partner and a Microsoft partner and leverage their powerful platforms to help you grow your business.
If you want to learn more about how we can help you achieve your goals with HubSpot and Microsoft or have any questions about our security practices, please contact us today.