Security and Compliance at CloudNuro
Our AI-enabled SaaS management platform is designed with security as our top priority
Cloud security and privacy lie at the heart of all our business decisions, design, and build, and are embedded in every layer of our cloud platform. We adhere to industry best practices to ensure that your data is safe and secure at all times. After all, it's your business and your data. Our goal is to draw meaningful insights from it so you can optimise your application ownership.
Our Core Security Principles
Application Security
Infrastructure Security
Secure AAA
Secure Product Build
Compliance
Application Security
Encryption
Encryption for data in transit is enforced via HTTPS with TLS 1.2. At rest, all database instances are encrypted with the industry-standard AES-256 encryption algorithm.
Access Control
Role-based access control (RBAC) is applied using different scopes. The principle of least privilege is enforced on all the scopes.
Infrastructure Security
Cloud Computing Services
CloudNuro leverages Google Cloud Platform (GCP) as its hosting and server platform for a high level of security on our web servers and databases. In addition, GCP provides SSAE-16 SOC 1 and 2, ISO 27001, and FedRAMP/FISMA reports and certifications.
Backup
CloudNuro relies on GCP’s automated backup to maintain a robust disaster recovery strategy, allowing us to perform secure backups and recover our data quickly. To ensure effective backup recovery, we perform regular testing.
Incident & Breach Management
Procedures for reporting incidents and tracking their progress are established so that timely communication, investigation, and resolution are facilitated.
Secure Authentication, Authorization and Accountability (AAA)
Authentication
We at CloudNuro.AI support industry-standard authentication protocols such as SAML 2.0 and OpenID. Companies can implement Single Sign-On (SSO), including whitelisting and multi-factor authentication (MFA).
Authorization
Every API is bound by the principle of least privilege: each call is validated to ensure that the user has permission to use the API.
Accountability
An audit trail is maintained, which includes date, time, and user information associated with any resource accessed or transaction performed.
Secure Product Build
Designing for Security
The product owner defines the roadmap for the product and reviews it during every release. We prioritise security patches from the beginning of the development process.
Code Review
We perform an advanced set of unit tests, code coverage, code reviews, on-site vulnerability assessments, and web vulnerability assessments.
DevOps CI/CD
Specific teams are permitted to access the source code, which is centralised and managed via version control. A well-defined CI/CD (Continuous Integration and Continuous Delivery) process is used for code promotion, along with valid stage gates such as security code scanning and unit test coverage.
Quality Assurance
Each build is passed through a strict regression test, functionality test, performance test, and UX test before it is certified as ‘Stage Gate Passed’.
Compliance
CloudNuro’s security model and controls are based on industry best practices. Listed below are our security compliances that demonstrate our commitment to security.
CSA - Security, Trust, Assurance and Risk (STAR)
SOC2 Type II Certification