
Security practices

AutoCloud is secure. We are SOC2 compliant.

Our Security Practices

Architecture

AutoCloud infrastructure is built to exceed CIS level I benchmark compliance.

It is designed in accordance with the best practices of the AWS Well-Architected Framework around security, privacy, & compliance.

Encryption

All communication, both internal & external, is encrypted with TLS 1.2. All data is encrypted at rest, regardless of storage method. Queue messages are software-encrypted on top of queue encryption.

Authentication & Authorization

All system access is provided through strict identity and access management (IAM) frameworks, via roles and permissions that follow the principle of least privilege.

Network Security

Multiple layered firewalls are deployed for all components.

Application components and environments are strictly segregated, with multiple concentric security perimeters to implement defense in depth.

Active threat detection is deployed at multiple application layers for rapid detection and mitigation of network attacks and intrusions.

Application Security

All application software is scanned for vulnerabilities as part of our build process, both in AutoCloud’s codebase and in the package dependencies it relies on.

Automation

Development, testing, deployment, monitoring and analysis of data and systems are done with the smallest amount of human action & intervention to minimize security & privacy risk and maximize performance & reliability.

Automation authorization is segregated by role to further reduce security & privacy risk in the event of a vulnerability.

Access Credentials

Account access is provided through user-generated service accounts, with graceful failure in the face of insufficient privileges. Use only the features that you are comfortable with.

AutoCloud's recommended permissions include only those necessary to perform requested actions. No write permissions are ever requested, preventing modification of user systems in any way.

All service credentials required for access are stored with multiple, orthogonal encryption methods to ensure that account tokens are only available to appropriate services and organization members.

AutoCloud features can be used by providing service accounts on demand, which only ever exist in memory and are erased at the termination of the requested operation, allowing users to opt out of storing sensitive credentials on AutoCloud’s systems.

Auditing

All system activity is monitored and logged. These activity streams are continuously analyzed by our security tooling and regularly audited manually.

Updated 03 Mar 2023