InfoSec Approach

Customer Security Context

All of our services are designed from the ground up to require the minimum amount of data needed to review and forecast your cloud usage and to purchase commitments on your behalf. We operate an ISO 9001 certified Quality Management System so that our policies and processes are fully documented and followed, maintaining a secure operating environment.

As your FinOps provider we have no access to your data. We only access the billing metadata provided in the AWS Cost and Usage Report (CUR) files.

We operate and maintain commitments in dedicated ‘commitment holding accounts’ within your AWS Organization, so that we require no access to your usage accounts.

All of our access is provided through least privilege role-based access controls.

Our access is fully auditable through AWS CloudTrail, and we welcome any questions.

A robust set of InfoSec controls has been documented and implemented.

We have a strong level of internal and external audit to ensure that we are secure and compliant. For additional information please contact security@strategic-blue.com.

People Based Security Approach

As with any organization, people form a critical element of the security posture. We carefully vet staff, enforce strict separation of duties and complete regular training to reduce the human security risk.

Staff Vetting

All Strategic Blue employees with customer data access are background checked and are at least vetted to the UK Government Baseline Personnel Security Standard (BPSS) level. BPSS is a level of screening usually reserved for individuals working for or on behalf of government departments. It confirms the identity of individuals working with potentially sensitive information.

Administrators have UK Government Security Check (SC) level clearance. This represents an additional level of clearance above BPSS and is usually reserved for individuals regularly accessing data classified as SECRET and occasionally TOP SECRET data. Strategic Blue only looks at metadata and so this is far in excess of what would be normally required but represents our commitment to looking after your accounts.

Separation of Duty

Strategic Blue uses a least privilege approach: separate roles exist for specific tasks, each granted only the permissions it needs, so that employees can perform only the functions that match their business role.

Staff Training

Staff have regular information security training and awareness sessions. This aims to reduce the risk of accidental loss of data.

Request Access To Our Documentation