CloudFactory adheres to the “least privileged” access policy. We only allow authorized staff to access data that is required to perform their job function. We further require multifactor authentication of all employees in order to gain access to any of our corporate systems, including the CloudFactory platform. We have centralized all access control so that we can audit and monitor all access to our systems. This also ensures that we can remove access for all systems quickly and efficiently if an account is suspected of being compromised or is no longer required.
All data “in-motion” and “at-rest” is fully encrypted according to regulatory requirements and industry best practices.
CloudFactory constantly monitors systems activity to detect and prevent intrusion of our platform. In addition, all configuration changes are closely monitored to ensure that our systems adhere to our hardening standards. All events are logged to enable CloudFactory to perform forensic analysis of attacks and to identify anomalies to be alerted to potential security incidents.
CloudFactory regularly performs both internal and external vulnerability tests to assess necessary enhancements to the platform to address evolving security threats.
CloudFactory maintains and regularly updates its information security policies and ensures enforcement of its policies with both technical and operational controls. Our policies adhere to both regulatory and industry best practice standards including GDPR compliance.
All CloudFactory Staff are required to receive training on privacy and security policies and are required to sign an agreement that they will adhere to our policies.