Security Whitepaper
Enterprise-Grade Security for Modern Hospitality
Version 1.0 | Last Updated: January 2025
Executive Summary
WiFiIQ, developed by Strategy9 Inc., is committed to providing the highest levels of security and data protection for the hospitality and casino industries. This whitepaper outlines our comprehensive security framework, demonstrating how we protect your guests' data and your business operations.
- Independently audited security controls
- Enterprise-grade cloud security
- Data protected in transit and at rest
- Continuous threat detection and response
- Meeting global privacy regulations
1. Introduction
In today's digital landscape, hotel and casino guests expect seamless WiFi access while trusting you with their personal information. WiFiIQ understands that a security breach can damage your reputation, result in significant financial losses, and erode guest trust built over years.
This whitepaper details how WiFiIQ's security architecture, policies, and procedures work together to protect your business and your guests' data. Whether you're evaluating WiFi captive portal solutions or seeking to understand our security practices, this document provides comprehensive insights into our security framework.
2. Security Architecture Overview
WiFiIQ is built on a defense-in-depth security model that implements multiple layers of protection:
2.1 Infrastructure Security
Our infrastructure leverages enterprise-grade security features:
- Microsoft Azure Hosting: Utilizing Azure's world-class data centers with physical security, redundancy, and compliance certifications
- Network Segmentation: Production environments are isolated from development and testing environments
- Firewall Protection: Azure Network Security Groups and advanced firewall configurations prevent unauthorized access
- DDoS Protection: Built-in protection against distributed denial-of-service attacks
2.2 Application Security
WiFiIQ applications (EmailIQ and PlayerIQ) incorporate security at every level:
- Secure Development Lifecycle: All code undergoes peer review and security testing before deployment
- Input Validation: Protection against injection attacks and malicious inputs
- Session Management: Secure session handling with automatic timeouts
- API Security: Rate limiting and authentication on all API endpoints
3. Data Protection
Your guest data is protected by multiple layers of encryption and access controls, ensuring confidentiality and integrity at all times.
3.1 Encryption Standards
| Data State | Encryption Method | Key Management |
|---|---|---|
| Data in Transit | TLS 1.2+ encryption for all communications | Industry-standard certificates |
| Data at Rest | AES-256 encryption for databases and file storage | Azure Key Vault with automated rotation |
| Backup Data | Encrypted backups with separate key management | Segregated access controls |
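The "TLS 1.2+ for all communications" row is the kind of control a customer's own integration team can verify on their side. The following is an added example written for this page, not WiFiIQ or Strategy9 code: it expresses the TLS floor as a small policy check in Python's standard `ssl` module, shows a weak client setting (TLS 1.0 allowed, certificate checks off) beside the corrected one, and builds a hardened client context that pins the 1.2 minimum. The function names and the reported finding strings are assumptions made for illustration.

```python
"""Audit a TLS client configuration against a TLS 1.2+ floor.

Added example for this page, not WiFiIQ/Strategy9 code. Function names
and finding messages are assumptions made for illustration.
"""
import ssl

# Policy floor taken from the encryption table: TLS 1.2 or newer.
MINIMUM_TLS = ssl.TLSVersion.TLSv1_2


def tls_policy_findings(minimum_version: ssl.TLSVersion,
                        verify_mode: ssl.VerifyMode,
                        check_hostname: bool) -> list[str]:
    """Return policy violations for a proposed TLS client configuration.

    An empty list means the configuration enforces TLS 1.2+ and validates
    both the peer certificate and the hostname it presents.
    """
    findings = []
    # TLSVersion.MINIMUM_SUPPORTED (a negative sentinel meaning "no floor")
    # also compares below TLSv1_2 and is therefore flagged, as it should be.
    if minimum_version < MINIMUM_TLS:
        findings.append(
            f"minimum protocol version {minimum_version.name} is below TLSv1_2")
    if verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate verification is not required")
    if not check_hostname:
        findings.append("hostname verification is disabled")
    return findings


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Read the effective settings of a live SSLContext and audit them."""
    return tls_policy_findings(ctx.minimum_version, ctx.verify_mode,
                               ctx.check_hostname)


def build_hardened_client_context() -> ssl.SSLContext:
    """Client context that enforces the TLS 1.2+ floor.

    create_default_context() already requires certificate and hostname
    verification against the system trust store; setting minimum_version
    explicitly pins the floor regardless of the interpreter's defaults.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = MINIMUM_TLS
    return ctx


def weak_example_findings() -> list[str]:
    """Constructed weak setting: TLS 1.0 accepted, certificate checks skipped."""
    return tls_policy_findings(ssl.TLSVersion.TLSv1, ssl.CERT_NONE, False)


if __name__ == "__main__":
    print("weak configuration:", weak_example_findings())
    # The corrected setting produces no findings.
    print("hardened configuration:",
          audit_context(build_hardened_client_context()))
```

The same three checks apply to any HTTPS client that talks to the portal's APIs: a context whose minimum version is lower than `TLSv1_2`, or that disables certificate or hostname verification, silently undoes the protection the table promises for data in transit.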
3.2 Data Classification and Handling
We maintain strict data classification policies:
- Guest Personal Information: Highest protection level with restricted access
- Authentication Credentials: Encrypted and never stored in plain text
- Marketing Data: Anonymized where possible, encrypted when identifiable
- System Logs: Sanitized to remove sensitive information
4. Access Control and Identity Management
4.1 Employee Access
WiFiIQ implements strict access controls for all personnel:
- Principle of Least Privilege: Employees only have access to systems necessary for their role
- Multi-Factor Authentication (MFA): Required for all production system access
- Background Checks: All employees undergo background screening before hire
- Access Reviews: Quarterly reviews ensure access remains appropriate
- Immediate Revocation: Access removed within one business day of termination
4.2 Customer Access Management
Your administrative access to WiFiIQ is protected by:
- Unique user accounts with strong password requirements
- Role-based access control (RBAC) for different permission levels
- Session timeout after periods of inactivity
- Audit logging of all administrative actions
5. Security Monitoring and Incident Response
24/7 Monitoring: Our security operations center continuously monitors for threats, ensuring rapid detection and response to any security events.
5.1 Continuous Monitoring
We employ multiple monitoring systems:
- Security Information and Event Management (SIEM): Real-time analysis of security alerts
- Intrusion Detection Systems: Network and host-based monitoring
- Vulnerability Scanning: Quarterly internal scans and annual penetration testing
- Performance Monitoring: Prometheus and Azure Monitor track system health
5.2 Incident Response Plan
Our comprehensive incident response plan includes:
- Detection: Automated alerts and manual review processes
- Assessment: Rapid triage to determine severity and scope
- Containment: Immediate action to prevent spread or escalation
- Eradication: Complete removal of threats and vulnerabilities
- Recovery: Restoration of normal operations with verification
- Lessons Learned: Post-incident review and process improvement
Response Time Commitment: Critical incidents are addressed within 1 hour of detection.
6. Compliance and Certifications
6.1 SOC2 Type 1 Certification
WiFiIQ has achieved SOC2 Type 1 certification as of January 20, 2025, demonstrating our commitment to:
- Security: Protection against unauthorized access and data breaches
- Confidentiality: Safeguarding of sensitive information
This certification, conducted by independent auditor Laika Compliance LLC, validates that our security controls are suitably designed to meet our service commitments.
6.2 Regulatory Compliance
| Regulation | How WiFiIQ Complies |
|---|---|
| GDPR (General Data Protection Regulation) | Data minimization, consent management, right to deletion, data portability |
| CCPA (California Consumer Privacy Act) | Transparent data collection, consumer rights support, opt-out mechanisms |
| PCI DSS (Payment Card Industry) | While we don't process payments, our security standards align with PCI requirements |
7. Business Continuity and Disaster Recovery
7.1 High Availability Architecture
- Redundant Systems: No single point of failure in critical systems
- Load Balancing: Automatic distribution of traffic across multiple servers
- Auto-Scaling: Dynamic resource allocation based on demand
- Geographic Distribution: Services distributed across multiple Azure regions
7.2 Backup and Recovery
| Backup Type | Frequency | Retention Period | Recovery Time Objective |
|---|---|---|---|
| Database Backups | Daily | 30 days | < 4 hours |
| Configuration Backups | Daily | 90 days | < 2 hours |
| System Snapshots | Weekly | 30 days | < 6 hours |
8. Security Best Practices for Customers
Security is a shared responsibility. While we protect the infrastructure and applications, customers play a crucial role in maintaining overall security.
8.1 Recommended Customer Security Practices
- Strong Passwords: Use complex passwords for all WiFiIQ administrative accounts
- Access Management: Regularly review and update user permissions
- Security Awareness: Train staff on phishing and social engineering threats
- Incident Reporting: Immediately report any suspected security incidents
- Software Updates: Keep integrated systems and browsers updated
Questions About WiFiIQ Security?
Our security team is here to help. For additional information about our security practices:
Email: security@strategy9.com
Phone: 1-855-838-3999