Strawberry Cloud Access (SCA) Security Information - Strawberry Manuals

Infrastructure Security

All data traffic within the SCA infrastructure is safeguarded using SHA-256 encryption paired with RSA encryption.
Low-level access to Strawberry systems is not granted to SCA hubs.
Root context is not utilized for the execution of SCA-facing components on Strawberry systems.

All streaming proxies that can be accessed via SCA are pre-encrypted on the Strawberry system using AES with a key length of 128 bits.
Every asset is encrypted with a unique pair of encryption and decryption keys.
Only encrypted content can be at rest in CDN & browser caches.
Regional geo-blocking of caches is supported.
All media content that can be accessed via SCA can be watermarked.
No company or user data is ever stored on SCA hubs.
Projective does not have access to its customer’s content unless the customer explicitly provides access.

Robust password practices are mandatory for all SCA users.
All passwords are stored as cryptographic hashes on the Strawberry system.
Strawberry supports Single Sign-on (SSO) for a wide range of services via the OpenID Connect protocol. Supported services include Okta, MyID, Azure AD and many more.

Strawberry systems directly connect to SCA Hubs through encrypted SSH tunnels.
SCA hubs only store the bare minimum of data that is required for their functionality.
All data stored on SCA hubs is anonymized.
SCA hubs don’t have a management interface.

The SCA infrastructure is hosted across several data centers and availability zones around the world.
Strawberry servers are always connected to all SCA Hubs in all regions, ensuring service availability even if an entire data center goes down.
Multiple SCA hubs per geographical region ensure high availability.
Encrypted content is served via CDNs in the requesters’ regions.