Your data is your most important asset

Data Security: How Cat Media Protects Your Data

At Cat Media, we understand that data is one of your most valuable assets. That's why we take security seriously for the data we manage internally and for our clients. As a HubSpot Solution partner and a Microsoft Cloud partner, we leverage the best technology and practices to ensure that your data is safe, secure, and compliant.

Conceptual image of micro circuit. Security concept

Here are some of the measures we take to protect your data

At Cat Media, we implement a robust security model called Zero Trust to safeguard our digital infrastructure and sensitive information. The Zero Trust approach is based on the principle of "Never trust, always check" which means that we continuously validate and verify the authenticity of every user, device, and connection, regardless of their location or access privileges. This methodology enables us to minimize potential risks and provide enhanced security across our entire network.

To achieve the highest level of protection in line with the Zero Trust model, we utilize an array of cutting-edge tools and services. These include Azure Active Directory, which serves as the backbone of our identity and access management, ensuring secure authentication and authorization for all users. Single Sign-On (SSO) streamlines access to multiple applications with just one set of credentials, simplifying the user experience while bolstering security.

Additionally, Conditional Access allows us to enforce context-aware policies, granting or denying access based on factors such as user location, device health, and risk levels. We also incorporate Cloudflare Zero Trust to protect our web applications from external threats and secure our Internet traffic. Hardware Encryption is another key component in our security stack, as it safeguards data stored on our devices, preventing unauthorized access even if the hardware is compromised. 


We segment our team and assign roles and permissions based on the principle of least privilege. This means that each member and team only has access to the data they need to perform their tasks, and nothing more. This reduces the risk of unauthorized access or misuse of data.

Azure Active Directory 

We use Azure Active Directory with Conditional Access to manage our identity and access management. Azure AD is a cloud-based service that provides single sign-on (SSO), multi-factor authentication (MFA), passwordless authentication, conditional access policies, identity protection, and more. Conditional Access allows us to enforce granular rules based on user, device, location, app, or risk level to grant or deny access to resources.


We use Multi-Factor Authentication by default. By combining something the user knows, such as a password or PIN, with something they have, like a physical token or smartphone app, and something they are, such as a biometric identifier like a fingerprint or facial recognition. This layered approach to security makes it significantly more difficult for cybercriminals to gain access to sensitive information.


We centralise all our assets in our SharePoint, a cloud-based platform that allows us to store, share, and collaborate on documents securely. SharePoint has built-in features such as version control, encryption, auditing, backup, and recovery that help us safeguard our data. Our data is mirrored up to three times to significantly reduce the possibility of losing data if something goes wrong.

Always up to date

We always keep our Windows, Mac and iOS devices up to date to avoid security vulnerabilities. We only run on supported versions of the software we use and decommission devices when they are at their end of support. The centralised Active Directory allows us to audit device compliance. 

Bit Locker

We also use Trusted Platform Module (TPM), Secure Boot, and Windows Hello to protect our data. TPM provides hardware-based security features such as storing encryption keys, digital certificates, and passwords. Secure Boot ensures that the firmware and operating system boot loader are signed and verified by a trusted authority before they are executed. Windows Hello is a feature that provides passwordless authentication using biometrics such as facial recognition, fingerprint, or PIN.

We also encrypt all our Windows-based workstations and servers using BitLocker encryption, which prevents unauthorized access to our data if a device is lost or stolen. BitLocker encrypts the device's entire drive so that only authorized users can unlock it with a password or a recovery key centralized in our Azure AD. Devices are wiped after a number of unsuccessful login attempts to prevent brute forcing.

Secure Enclave

We use Apple devices with Secure Enclave for our top-tier workstations and mobile devices. The Secure Enclave is a system on chip (SoC) that is included on all recent Apple Silicon-powered devices as well as those with the Apple T2 Security Chip. It provides the foundation for the secure generation and storage of the keys necessary for encrypting data at rest and protects and evaluates biometric data for Face ID and Touch ID.

By using these machines with Secure Enclave technology built-in, we ensure that our data is protected by hardware security features designed to keep our software and information safe. This includes a Boot ROM that forms a hardware root of trust for secure boot and an AES engine that performs fast inline encryption and decryption as files are written or read.


We encrypt all our data in transit and at rest using industry-standard protocols such as SSL/TLS  and AES. This means that your data is protected from eavesdropping or tampering while it travels over the internet or while it is stored on our servers.


In addition to Conditional Access, we use Argo Tunnels with  CloudFlare Zero Trust, a solution that secures every connection without relying on VPNs or firewalls. CloudFlare Zero Trust verifies every request using multiple factors such as identity, device posture, geolocation, time of day, etc., before granting access to applications or data.

By implementing these measures, we ensure that your data is always protected from unauthorized access or compromise. We also comply with relevant regulations such as GDPR and follow other industry best practices such as ISO 27001.

 At Cat Media, we are committed to delivering high-quality solutions for your marketing, sales, web design, CRM, data, integrations, and technical implementation needs. We are proud to be a HubSpot Solution partner and a Microsoft partner and leverage their powerful platforms to help you grow your business.

 If you want to learn more about how we can help you achieve your goals with HubSpot and Microsoft or have any questions about our security practices, please contact us today.

Microsoft Partner