Security and Compliance
at CloudNuro

Our AI-enabled SaaS management platform is
designed with security as our top priority

Cloud security and privacy lie at the heart of all our business decisions, design, and build, and are embedded in every layer of our cloud platform. We adhere to industry best practices to ensure that your data is safe and secure at all times. After all, it’s your business and your data. Our goal is to draw meaningful insights from it so you can optimise your application ownership.

Our Core Security Principles

Application security
Infrastructure security

Secure AAA

Secure product build
Compliance

Application Security

Encryption
Encryption for data in transit is enforced via HTTPS with TLS 1.2. At rest, all database instances are encrypted with the industry-standard AES-256 encryption algorithm.
Access control
Role-based access control (RBAC) is applied using different scopes. The principle of least privilege is enforced on all the scopes.

Infrastructure Security

Cloud computing services
CloudNuro leverages Google Cloud Platform (GCP) as its hosting and server platform for a high level of security on our web servers and databases. In addition, GCP provides SSAE-16 SOC 1 and 2, ISO 27001, and FedRAMP/FISMA reports and certifications.
Backup
CloudNuro relies on GCP’s automated backup to maintain a robust disaster recovery strategy, allowing us to back up securely and recover our data quickly. To ensure effective backup recovery, we perform regular testing.
Incident & breach management
Procedures for reporting incidents and tracking their progress are established so that timely communication, investigation, and resolution are facilitated.

Secure Authentication, Authorization and Accountability (AAA)

Authentication
We at CloudNuro support industry-standard authentication protocols such as SAML 2.0 and OpenID. Companies can implement Single Sign-On (SSO), including whitelisting and multi-factor authentication (MFA).
Authorization
Every API is bound by the principle of least privilege: each call is validated to ensure that the user has permission to use the API.
Accountability
An audit trail is maintained that includes the date, time, and user information associated with any resource accessed or transaction performed.

Secure Product Build

Designing for security
The product owner defines the roadmap for the product and reviews it during every release. We prioritise security patches from the beginning of the development process.
Code review
We perform an advanced set of unit tests, code coverage, code reviews, on-site vulnerability assessments, and web vulnerability assessments.
DevOps CI/CD
Specific teams are permitted to access the source code, which is centralised and managed via version control. A well-defined CI/CD (continuous integration and continuous delivery) process is used for code promotion, along with valid stage gates such as security code scanning and unit test coverage.
Quality assurance
Each build is passed through a strict regression test, functionality test, performance test, and UX test before it is certified as ‘Stage Gate Passed’.

Compliance

CloudNuro’s security model and controls are based on industry best practices. Listed below are our security compliances that demonstrate our commitment to security.

CSA – Security, Trust, Assurance and Risk (STAR)