Security practices
AutoCloud is secure. We are SOC2 compliant.
AutoCloud infrastructure is built to exceed CIS level I benchmark compliance.
Designed in accordance with the AWS Well-Architected Framework best practices around security, privacy, & compliance.
All communication, both internal & external, is encrypted with TLS 1.2. All data is encrypted at rest, regardless of storage method. Queue messages are software-encrypted on top of queue encryption.
All system access is provided through strict identity and access management (IAM) frameworks, via roles and permissions following the principle of least privilege.
Multiple layered firewalls are deployed for all components.
Strict segregation of application components and environments with multiple concentric security perimeters to implement defense in depth.
Active threat detection deployed at multiple application layers for rapid detection and mitigation of network attacks and intrusions.
All application software is scanned for vulnerabilities as a part of our build process, both in AutoCloud’s codebase and the package dependencies it relies on.
Development, testing, deployment, monitoring and analysis of data and systems are done with the smallest amount of human action & intervention to minimize security & privacy risk and maximize performance & reliability.
Automation authorization is segregated by role to further reduce security & privacy risk in the event of a vulnerability.
Account access is provided through user-generated service accounts, with graceful failure in the face of insufficient privileges. Use only the features that you are comfortable with.
AutoCloud-recommended permissions include only those necessary to perform requested actions. No write permissions are ever requested, preventing modification of user systems in any way.
All service credentials required for access are stored with multiple, orthogonal encryption methods to ensure that account tokens are only available to appropriate services and organization members.
AutoCloud features can be utilized by providing service accounts on demand, which only ever exist in memory and are erased at the termination of the requested operation, allowing users to elect out of storing sensitive credentials on AutoCloud’s systems.
All system activity is monitored and logged. These activity streams are continuously analyzed by our security tooling and regularly audited manually.