Cloud Security Analytics
Cloud Access Security Broker
Cloud Encryption

Cloud Access Security Broker (CASB)

StratoKey is a single point (gateway) for enterprises to secure an entire suite of cloud and SaaS applications. As a Cloud Access Security Broker (CASB), StratoKey performs a number of tasks including access control, in-app encryption, monitoring (inc. audit capabilities), behavioral analysis and can institute defensive countermeasures as required. StratoKey implements enterprise security policies for cloud (and SaaS) applications and can be deployed either on premise or in the cloud.

Identity Aware Authentication

Cloud Access Security Brokers

StratoKey sits between enterprise users and end cloud applications securing user access and hardening authentication. By directly interacting with users, StratoKey performs specific identity aware security tasks such as device fingerprinting, geo-locking and behavioral analysis among other measures to ensure that users are exactly who they say they are. StratoKey integrates seamlessly with common enterprise systems to ensure that deployment follows an interoperable approach.

Integrations:  SAML, Single Sign-On(SSO), Active Directory, policy enforcement (Groups/Users), Okta, Ping etc.

Cloud Visibility

StratoKey provides a monitoring capability that completely removes the SIEM blind-spot that can be exacerbated by the cloud. A standard feature of StratoKey is serving real-time access logs, user patterns, data consumption, device profiles, geolocation and much more through an complete monitoring interface. This interface provides complete visibility across an organization's entire cloud and SaaS application portfolio.

Interoperability with: Enterprise SIEM systems

Data Security - Encryption

StratoKey secures data by selectively encrypting it before it's sent to the cloud application. Sitting between users and the end cloud application, StratoKey intercepts sensitive data and encrypts the data before it reaches the cloud application. This encryption ensures that the end cloud application never holds sensitive information in plain text. StratoKey supports group policy based decryption, enabling organizations to directly control data decryption in the cloud and prevent inappropriate sharing or leaking.

Integrations / Specifications:  Thales nCipher, Safenet Luna, AES 256bit, Format Preserving Encryption (FPE)

Anomaly Detection

StratoKey compiles security profiles on each user passing through the gateway. These behavioral profiles are compiled over time. Users are then benchmarked against their historical patterns and that of their peers. Behavioral Analysis implemented by StratoKey is crucial in detecting security anomalies, significant changes in behavior, outliers, and insider threats.

Specifications: Behavioral analysis, anomaly detection, outliers (vs peers), insider attacks and misuse.

Threat Protection

Being able to detect threats is not enough to prevent data breaches. StratoKey implements specialist countermeasures to ensure that threats are defeated upon first touch. StratoKey's countermeasures are flexible and can respond depending on threat severity, from blocking connections, through to dispatching second factor challenges. The StratoKey countermeasure engine has a vast array of rules that can be configured to meet an organization's data protection policies; from geolocation locking, behavioral analysis, mobile/machine specific locks through to automatically purging of stale user accounts.

Adaptive Defense: OS/browser/mobile/device policy support, behavioral driven countermeasures and many more.


StratoKey directly assists organizations in meeting strict privacy and data security requirements whilst using cloud applications. Organizations can utilize StratoKey to meet encryption, monitoring, access control and other compliance requirements as specified in legislation such as HIPAA. StratoKey can perform direct Data Loss Prevention (DLP) through group sharing controls on cloud data. Whilst that may be sufficient for some organizations StratoKey also supports delegating DLP and anti-virus scanning to dedicated enterprise systems. This off-loading support is performed using the industry standard ICAP protocol.

Specifications: Data Encryption, Residency, Privacy and Compliance.

Complete CASB solution


StratoKey is the only vendor in the Cloud Access Security Broker market that offers a complete solution that is truly cloud and SaaS application agnostic. Through a unique architecture, StratoKey provides the ultimate flexibility for organizations securing their cloud and SaaS portfolio. StratoKey offers encryption, monitoring, behavioral analytics and security policy enforcement regardless of the end cloud or SaaS application.

Examples: Dynamics, SharePoint, NetSuite, ServiceNow, Salesforce, SugarCRM, OneDrive, Google Apps - and more!

Learn more about StratoKey