At Lytica, we are deeply committed to providing our clients with the highest levels of security, privacy, and confidentiality. Our focus is on constantly evaluating and improving our security practices to meet industry benchmarks and stay at the forefront of technology. We strive to deliver top-quality analytics products while maintaining a robust data security posture. In this document, we will outline our approach to data security, which includes physical security, servers, network security, access control and other security measures.
Some of the ways Lytica protects your information are listed below:
Data Centers and Servers Security Physical Security
We rely on Microsoft’s best-in-class security practices when it comes to physical data center access. Many of the world’s largest companies, including those in the banking, healthcare, and government sectors, host their data in Microsoft’s data centers. You can learn more about Microsoft’s physical security measures here: https:// learn.microsoft.com/en-us/azure/security/fundamentals/physical-security
Patching and Anti-Malware: To ensure all our servers have the latest security updates we perform monthly patching. We also deploy industry-recognized endpoint protection software on all our servers.
Monitoring: We use a comprehensive set of monitoring tools and techniques to provide high-level operational visibility into all of production systems that power Lytica platform.
Network Security Network Architecture
To ensure network layer security, Lytica has implemented an industry-standard zoning approach. This approach involves separating different network segments and applying distinct control policies. For example, we maintain a separate public zone from the backend zone. All inbound traffic to our Supply Lens Pro platform is routed through an application gateway acting as a web application firewall. This aligns with Microsoft’s recommended network design best practices.
Network Monitoring: To actively monitor and prevent data leaks, we employ industry-standard tooling that enables us to detect anomalies in inbound and outbound traffic. We use state of the art Network Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) to detect and mitigate security events.
Security Incident Event Management (SIEM): Lytica uses an industry recognized SIEM solution to monitor, detect and respond to security incidents. SIEM solution aggregates all security related logs from Lytica’s systems and provides a single pane of glass monitoring and analysis system for our security operations staff.
Application Security and Encryption Penetration Testing
Web and network penetration tests on the applications are performed annually by a 3rd party vendor. We also use a web application firewall solution to protect our applications from common vulnerabilities and exploits.
Application Vulnerability Scanning: An automated vulnerability scan is run on every code release before it is pushed to user acceptance testing (UAT) environment. If the penetration test fails, the release and relevant information are sent back to development.
Data in Transit Encryption: Internet-facing and internal network communications are encrypted via Hypertext Transfer Protocol Secure (HTTPS), Secure File Transfer Protocol (SFTP) and Transport Layer Security (TLS).
Data at Rest Encryption: All data stored “on disk” is encrypted using the AES standard with a key length of 256 bits.
Separate Environments: Our development, testing and staging environments are separated from the production environment, both physically and logically.
Access control and Data Governance Data Governance
We recognize that any data security plan is only as strong as its weakest link. To mitigate the risk of human operator mistakes, we have implemented an access control framework and a Data Governance Strategy (the Data Governance document is available upon request).
Role-Based Access Control and Principle of Least Privilege: Our access control framework is based on Role-Based Access Controls (RBAC) and the principle of least privilege. RBAC allows us to assign permissions to specific roles, such as data scientists and customer success personnel, rather than individual users. The principle of least privilege ensures that only the necessary permissions required to fulfill specific functions are granted.
Access Logging and Audit: To maintain the integrity of our access control policies, we utilize audit logs and continuous monitoring.
Data Privacy and Confidentiality: At Lytica, we employ various industry-standard techniques to provide our customers with the highest levels of data privacy and confidentiality guarantees. These techniques include data tokenization, statistical analysis, and encryption.
Data Anonymization: In our data processing pipeline, the first step is to replace any client identifiable information (e.g., client name, email address) with a unique token. This token accompanies the data as it progresses through subsequent stages of processing. The mapping between the token and actual client identities is only accessible to authorized customer success personnel, who require it solely for communication with our clients. These communications must be initiated by a client by contacting the customer success department or opening a support request thus granting an explicit permission for Lytica to access the mapping data.
Aggregate Data: Subsequently, we aggregate the received data points using statistical analysis methods. Any further analysis conducted by our algorithms and machine learning models operates on this aggregated data set, effectively masking individual data points. Our client-facing analytics products are also based on this aggregate data set and never include individual price points.
Security Operations Security Incidents Response
Lytica has a documented incident response plan that covers all aspects of an incident from detection to post-incident analysis. Our plans follow the guidelines of the ISO 27001 standards.
Disaster Recovery and Backups: Lytica has policies, tools and procedures in place to ensure minimal disruption in the event of a disaster. We employ industry standard containerization methodologies to monitor, and rapidly ‘factory reset’ stressed infrastructure elements. Customer configuration and report data is replicated to a secondary site that is available if the primary site goes offline. We test the disaster recovery plan annually.
By implementing these security measures, we aim to provide our clients with the utmost confidence in the security, privacy, and confidentiality of their data.
Please note that this document is intended to provide an overview of our data security strategy and is subject to change as we continually evolve our practices to meet emerging challenges and adopt new technologies.
If you have any questions, concerns, or requests please contact us at firstname.lastname@example.org or reach out to us at the following address:
555 Legget Drive #720, Tower A, Ottawa, Ontario, K2K 2X3 Canada