As the world’s leading independent Data Management Platform (DMP), Lotame serves as an important partner to many enterprises, and takes seriously its role as a protector of the data that companies entrust to us. To that end, we have outlined below some background information for Lotame’s systems and processes.
Authentication – All access to the platform is protected through passwords that require meeting minimum complexity standards. Passwords are salted and hashed prior to storage, such that no client passwords are retrievable by anyone, including Lotame personnel.
Authorization – The platform utilizes a multi-layered authorization framework to ensure access is provided only as needed while maximizing flexibility. Users are granted Roles, and Roles aggregate one or more Permissions. Permissions in turn protect granular access to UI screens or individual fields on those screens, and API operations. Permissions are enforced both within the UI to optimize the user experience and in the API to guarantee operations are only performed as granted. Individual users may have different roles within different accounts, such as divisions within a company, clients within a marketing agency, or sites within a publishing network.
Data Access – All client data is logically encoded with ownership information, and all data export points must validate ownership against permission sets prior to exposing the data. Clients control visibility of their data to their users and partners.
Data Context – At rest, client data in Lotame systems is encoded with Lotame-specific identifiers that have no meaning outside of the context of the Lotame DMP. Any bulk data breach would therefore not expose valuable client information, as the metadata required to derive meaning is encoded within the Lotame DMP.
Data Transport – Transport of data in and out of the platform utilizes encrypted transport protocols to protect the data in transit, including SSL for user interactions with the API and UI, SSL for interaction with consumer devices, and SSL and SSH for customer and partner server to server integrations.
Server Environments – All Lotame client data is stored on servers co-located in world-class data centers. Access to the servers is restricted through a combination of management systems and physical access safeguards and procedures that meet or exceed international security standards such as ISO 27001, including allowed personnel rosters, photo id, and biometric scanners
Global Support – Lotame transactional processing, aka edge serving, is supported globally by a leading cloud services provider that is certified ISO27001 for following security management best practices and implementing comprehensive security controls.
Privacy – Lotame publishes and regularly updates privacy policies that outline how Lotame collects, uses and process data for its own use, and for use by its clients in connection with the Lotame Data Exchange, the Lotame Data Management Platform, and other Lotame products and services.
Corporate Security – Lotame maintains internal IT policies governing best practices for utilizing IT resources. All Lotame employees are required to read and adhere to these policies. Additionally, Lotame enforces regular reviews of critical security data to ensure compliance.
Software Development – Lotame utilizes industry-standard best practices during the development, testing, and deployment of software. Development practices include managed source control, peer code reviews for best practices and quality, automated unit and module level testing, and automated build processes. In addition to unit and module level testing, we consider systemic platform testing an integral part of the release process. As such, we maintain a testing environment that replicates the production environment in structure, procedure and operational security. Deployments to this environment are fully automated and include platform wide regression testing.
Operational Security – Access to systems that host customer data and processing is strictly controlled and only granted to individuals at the level required for the individual’s job responsibilities. All changes to software configuration are logged via both a ticketing system and a change control system from which deployment of those configurations is automated. Security credentials are maintained separately from standard application configurations and require elevated permissions to access.
Lotame is committed to reliable service, transparent operation, and business continuity for all of customers of our services and platforms. We employ multiple architectural patterns in the core of our applications to provide high service levels from the ground up.
Transparency – Lotame maintains an operations portal at http://status.lotame.com/. This portal provides real time updates on scheduled system maintenance and unscheduled operational incidents.
Architectural Redundancy – Every application within all tiers of the Lotame stack operate with a minimum of N+1 redundancy, where N is defined as the minimum number of instances required to maintain performance of that application at peak volume levels. Similarly, all network components within the Lotame infrastructure are fully redundant, including firewalls, switches, and the physical interfaces between them.
Data Redundancy – Critical data is stored on two or more physically disparate devices, allowing for transparent real time or near real time recovery of data in the event of a hardware failure. Customer configuration data is backed up both in full and incrementally to provide multiple paths to recovery in the event of a data corruption incident (i.e. user error or hardware failure.)
Capacity Management – Many applications within the Lotame stack, such as edge serving, experience either strong time of day load patterns, or are susceptible to external load factors out of Lotame’s control. We manage these applications by maintaining elastic capacity within our cloud provider, both within the United States and Internationally across six hosting facilities. The edge serving components that are sensitive to volume and latency are deployed and configured to automatically add capacity on demand (i.e. autoscale) as load levels exceed configured thresholds.
Clustering – Applications within the Lotame stack operate as “clusters” of physical and/or virtual hosts, in most cases with each node in the cluster able to operate independently and without knowledge of the other nodes in the cluster. These clusters are exposed to upstream and downstream components using loosely-coupled design patterns with either auto-discovery or physical load balancing devices, which allows for nodes to come and go from the clusters transparently.
Lotame is serious about data protection and security. If you have additional questions and would like to find out more, please contact us.