StrategyDotZero is powered by Gravity iLabs, a global innovation consulting firm. Gravity iLabs is committed to providing and maintaining the highest level of security for our clients and their data.
Our approach to security handling and infrastructure management is founded on the following six pillars.

ORGANISATION AND PEOPLE

  • Gravity employs a dedicated team led by the CISO who is responsible for the security and privacy of our client's data hosted on the StrategyDotZero (SDZ) platform
  • This team focuses on Platform Security, Security Management, Security Operations, Identity Management and Security Compliance

INFRASTRUCTURE SECURITY

Gravity's StrategyDotZero platform is a SaaS solution hosted within the Microsoft Azure Cloud Infrastructure

  • Microsoft Azure cloud is IRAP assessed and listed on Australian Signal’s Directorate (ASD) Certified CloudServices List (CCSL) as at 2019
  • Australian Cyber Security Centre has certified Microsoft Azure for processing, storing and transmitting of
    Australian Government Information from CLASSIFIED up to and including PROTECTED

Gravity leverages

  • Azure's availability zones and geo-replication features to help create a highly available solution to our clients, the StrategyDotZero Platform currently has 99.99% availability
  • Azure Auto-Scale to scale SDZ vertically and horizontally based on application performance or customisable rules to handle peaks in workloads automatically

APPLICATION AND DATA SECURITY

 

User Authentication and Access Control
StrategyDotZero supports single sign-on technologies to authenticate users
Password Encryption
StrategyDotZero passwords are encrypted before being stored onto the database. Decryption can only take place from within the application
Role Based Access Control
Role Based Access Control (RBAC) provides the ability to award appropriate access privileges for individual users determined by client administrators
Multi-tenancy
• Dedicated tenant instance- The client is provided with a dedicated database and an application layer
• Shared instance- The Database and application layer will be shared across multiple clients
Encryption
All communication to StrategyDotZero happens over HTTPS TLS1.2 which encrypts and protects the data while in transit
Data Management
• StrategyDotZero is built in consideration of controls set forth in the Information Security Manual (ISM) by the Australian Signals Directorate (ASD)
• StrategyDotZero uses Azure SQL Servers and Databases to store Client's Data
Data Backup & Recovery
• StrategyDotZero has a point-in-time restore functionality managed by Microsoft Azure Cloud, which is configured for a restore period of 35 days.
Features to manage data security
• Cryptographic Encryption
• Application White Listing
• Event Logging and Auditing
• Cross Domain Security
• Intrusion Detection and Prevention
• Geo-replication and Disaster recovery
• Location-based IP Whitelisting
• Industry Standard Encrypted Connection Strings in configuration files
• Continuous Vulnerability and Patch Management




SECURE DEVELOPMENT LIFE CYCLE

Product Management

  • Gravity ensures that appropriate product security touchpoints are embedded into each new feature

Requirements & Analysis

  • Our security team participates in the requirements development process by helping business analysts develop both use and abuse cases for security

Design & Implementation

  • Both automated and manual security testing is performed with every release
  • Independent penetration testers are engaged to regularly evaluate the design and implementation of our StrategyDotZero Platform

Security design reviews include both architectural and individual component to
reduce StrategyDotZero’s attack surface

DEPLOYMENT OPTIONS

 

Public Cloud

Infrastructure shared via the
internet with other organisations
and other members of the public

Hybrid Cloud

The Application resides as a
dedicated private instance on
the public cloud, where the
database resides on a private
dedicated server

Private Dedicated

A dedicated infrastructure is
provided for both the application
and database server

On Premise

The Application is hosted within
the client’s own infrastructure

COMPLIANCE AND GOVERNANCE

 

Gravity conducts a biannual IRAP (Information Security Registered Assessors Program) assessment of the StrategyDotZero Plaform through an independent assessor. The independent assessor evaluates the product’s design, implementation and operation in accordance with Australian Signal’s Directorate ISM requirements.

 

6 Reasons why StrategyDotZero is Secure and Trustworthy

 

☑ We care about security more than you do

☑ Your Data is protected and private

☑ We back up your data, so you don’t need to

☑ We value privacy as much as you do

☑ Your data is available when and where you need it

☑ You make the rules