Security practices

AutoCloud is secure. We are SOC2 compliant.

Our Security Practices

Architecture

AutoCloud infrastructure is built to exceed CIS level I benchmark compliance.

It is designed in accordance with the best practices of AWS's Well-Architected Framework for security, privacy, & compliance.

Encryption

All communication, both internal & external, is encrypted with TLS 1.2. All data is encrypted at rest, regardless of storage method. Queue messages are software-encrypted on top of queue encryption.

Authentication & Authorization

All system access is provided through strict identity and access management (IAM) frameworks, via roles and permissions that follow the principle of least privilege.

Network Security

Multiple layered firewalls are deployed for all components.

Application components and environments are strictly segregated, with multiple concentric security perimeters to implement defense in depth.

Active threat detection is deployed at multiple application layers for rapid detection and mitigation of network attacks and intrusions.

Application Security

All application software is scanned for vulnerabilities as part of our build process, both in AutoCloud’s codebase and in the package dependencies it relies on.

Automation

Development, testing, deployment, monitoring and analysis of data and systems are done with the smallest amount of human action & intervention to minimize security & privacy risk and maximize performance & reliability.

Automation authorization is segregated by role to further reduce security & privacy risk in the event of a vulnerability.

Access Credentials

Account access is provided through user-generated service accounts, with graceful failure in the face of insufficient privileges. Use only the features that you are comfortable with.

AutoCloud recommended permissions include only those necessary to perform requested actions. No write permissions are ever requested, preventing modification of user systems in any way.

All service credentials required for access are stored with multiple, orthogonal encryption methods to ensure that account tokens are only available to appropriate services and organization members.

AutoCloud features can be utilized by providing service accounts on demand, which only ever exist in memory and are erased at the termination of the requested operation, allowing users to elect out of storing sensitive credentials on AutoCloud’s systems.

Auditing

All system activity is monitored and logged. These activity streams are continuously analyzed by our security tooling and regularly audited manually.



Updated 13 Dec 2021