CloudFabrix Commitment to Security & Privacy
CloudFabrix is committed to maintaining the availability, integrity, and confidentiality of customer data. We’ve implemented robust processes and standards to secure customer data across all our platform operations.
CloudFabrix highly values our customer's security and privacy and is fully committed to ensuring that our products and services are secure. Customers trust us with their data and it is our top priority to adhere to stringent security guidelines in all of our offerings. We adopt security-first principles in all of our product development process, product implementation and customer support engagements.
Our SaaS platform is hosted on industry-leading AWS public cloud, and Cloud security at AWS is the highest priority. AWS data centers and network are architected to protect customer’s information, identities, applications, and devices and are built to meet the requirements of the most security-sensitive organizations.
In addition to AWS security, CloudFabrix has implemented various security controls and features, including
- Use of AWS Elastic Kubernetes Service (EKS) for running all SaaS components, including control plan, data plane, studio etc.
- Creation of separate workspaces and sub-domains for customer tenants for secure tenant data and access isolation
- Access to infrastructure VMs are completely restricted to Cloudfabrix corporate domain
- SSH console access is allowed only to known hosts that are in Cloudfabrix corporate domain.
- Infrastructure management privileges are granted only to select DevOps/SRE experts in CloudFabrix Saas ProdOps team who are US citizens and have decades of IT-industry experience handling mission-critical software implementations.
Our software platform is built on microservices and containers architecture (hardened in accordance to NIST 800-190), to allow scale, rapid extensibility to address needs of dynamically expanding IT environments.
Our platform provides many security related features including
- Distributed application that runs on hardened Linux
- Isolation of key modules and components based on Kubernetes architecture and security
- We implement our own trusted and secure container repository for hosting application images
- Our container images are thoroughly tested, validated by our internal QA teams
- Our platform provides audit logs and activity logs to identify and track user activity
User Security & Role Based Access Controls
We don’t store user credentials in our platform and all user authentication is handled by industry 3rd party identity providers like Auth-0.
- User credentials handled by 3rd party SAML provider (Auth-0) that also provides SSO
- Only ports 443 is opened for portal access that is gated through industry standard OAuth/SAML provided leading Identity Providers like Auth0
- User activities are restricted based on roles and privileges assigned.
- Customers implement granular access controls by creating multiple roles and assigning roles to users based on their responsibilities.
- Customers can restrict user activities based on tenancy, roles and project permissions
Our platform ensures data security by using secure network communications and encryption along with other data protection features highlighted below
- Our platform serves as medium for data sharing and data routing and not as database and doesn’t store large amounts of historical data
- Network data transfers and communications are conducted over industry standard Transport Layer Security (TLS) that uses encryption.
- Data-at-rest security is provided through AWS Kubernetes security features, EC2 block storage, key management selections
- Usage of industry standard AES-256 encryption for transmitting messages and topics on our data fabric that is based NATS
- AWS storage provides encryption and that is used for storing customer config data
- We encrypt our deployment configuration using our own keys
- Worker nodes need to authenticate with RDA on secure channel over industry-standard TLS
Secure Development Practices & Product Updates
- Security scans are performed for every Minor release, Major release and On demand hotfix
- Customers will be notified on any new vulnerabilities identified
- Customer systems will be updated with fixes - with mutual coordination
- Product complies with security best practices from vendors like: Nessus, Greenbone, Rapid7, AlienVault