Information and Data Security

CloudFactory takes the security of our customers data very seriously and has made protection of the information our top priority. CloudFactory implements a layered approach to security in order to ensure compliance with regulatory, best practice, and customer requirements, including GDPR which goes into effect for all EU citizens on May 25, 2018. The information provided here is meant to give an overview of our security posture and approach, not to provide details of our security policies and controls.

Access Control

CloudFactory adheres to the “least privileged” access policy. We only allow authorized staff to access data that is required to perform their job function. We further require multifactor authentication of all employees in order to gain access to any of our corporate systems, including the CloudFactory platform. We have centralized all access control so that we can audit and monitor all access to our systems. This also ensures that we can remove access for all systems quickly and efficiently if an account is suspected of being compromised or is no longer required.

Data Encryption

All data “in-motion” and “at-rest” is fully encrypted according to regulatory requirements and industry best practices.

Logging and Security Monitoring

CloudFactory constantly monitors systems activity to detect and prevent intrusion of our platform. In addition, all configuration changes are closely monitored to ensure that our systems adhere to our hardening standards. All events are logged to enable CloudFactory to perform forensic analysis of attacks and to identify anomalies to be alerted to potential security incidents.

Vulnerability Testing

CloudFactory regularly performs both internal and external vulnerability tests to assess necessary enhancements to the platform to address evolving security threats.

Security Policies and Controls

CloudFactory maintains and regularly updates its information security policies and ensures enforcement of its policies with both technical and operational controls. Our policies adhere to both regulatory and industry best practice standards including GDPR compliance.

Security Training

All CloudFactory Staff are required to receive training on privacy and security policies and are required to sign an agreement that they will adhere to our policies.