CloudCover understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.
DATA CENTERS
Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:
Access control and physical security
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Computing equipment in access-controlled steel cages
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Humidity and temperature control
- Redundant (N+1) cooling system
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-site diesel fuel storage
- Concrete vaults for fiber entry
- Redundant internal networks
- Network neutral; connects to all major carriers and located near major Internet hubs
- High bandwidth capacity
Fire detection and suppression
- VESDA (very early smoke detection apparatus)
- Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Secure transmission and sessions
- Connection to the CloudCover environment is via TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service
- Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
- A third-party service provider continuously scans the network externally and alerts on changes in baseline configuration
- The CloudCover service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center
- Data are transmitted across encrypted links
- Disaster recovery tests verify our projected recovery times and the integrity of the customer data
- All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups
- The backups are cloned over secure links to a secure tape archive
- Tapes are not transported offsite and are securely destroyed when retired
Internal and Third-party testing and assessments
CloudCover.it tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.
BEST PRACTICES
CloudCover is dedicated to helping our customers be more secure when accessing CloudCover. With the evolving threat landscape, we strongly encourage customers to take action to help prevent unauthorized access to their CloudCover orgs.
As a CloudCover admin, there are steps that you can take to make the experience as secure as possible for your CloudCover users. The following security features available in CloudCover provide additional layers of end-user validation or authentication:
Implement IP Restrictions in CloudCover.it
Login IP Ranges limit unauthorized access by requiring users to log in to CloudCover from designated IP addresses, typically your corporate network or VPN. By using Login IP Ranges, admins can define a range of permitted IP addresses to control access to CloudCover. Those who try to log in to CloudCover from outside the designated IP addresses will not be granted access.
Consider Two-Factor Authentication
Two-Factor Authentication requires that all login attempts have both login credentials and a second authentication factor. This can be achieved by using the CloudCover app or similar solutions from security vendors. Login attempts that do not have valid credentials from both sources will not be granted access to CloudCover.
Secure Employee Systems
One of your goals is to keep email fraud from reaching your users in the first place. To help do that, secure all computers used by your employees.
- Update all users to the latest browser version.
- Deploy email filtering technology. Make sure you whitelist the CloudCover.it IP address.
- Install and maintain desktop protection software on all user machines and keep all applications and definitions up to date.
Strengthen Password Policies
You can make passwords more secure and harder to break by requiring users to define complex passwords, setting up password expirations, and implementing lockouts.
LAWS
Global Privacy Law Landscape
Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:
- Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
- Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
- Numerous state breach notification laws
- Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
- Numerous provincial privacy laws affecting the public and private sectors
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive)
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (EU E-Privacy Directive)
- Japan Law on Protection of Personal Information of 2003
- Asia-Pacific Economic Cooperation (APEC) Privacy Framework
Although the requirements of these laws and frameworks vary greatly, some common themes have emerged, such as notice, choice, access, and security:
Notice: What information must be provided to individuals about how their data may be used and who it may be shared with? When must this notice be provided to individuals? In what manner must this notice be provided?
Choice: What choices are individuals offered in terms of what information about them is collected and how such information is used?
Access: Are individuals given the opportunity to access information maintained about them? Can individuals request that their information be amended or deleted?
Security: Are organizations that handle personal information required to protect such information using administrative, technical, and physical safeguards?
CloudCover’s customers solely determine what data is submitted to CloudCover service as customer data. With respect to such data, CloudCover acts as a data processor. In our role as a processor of customer data, CloudCover addresses the general privacy principles described above in the following ways:
Notice, Choice & Access: CloudCover generally does not have a direct relationship with individuals whose personal data is submitted by customers to the CloudCover service as customer data. CloudCover does not collect personal information on behalf of our customers, and CloudCover does not determine how our customers use such data. Additionally, CloudCover’s customer contracts generally prohibit CloudCover from accessing customer data except under limited circumstances.
Compliance with the Notice, Choice, and Access principles is based on cooperation between CloudCover and our customers. For example, CloudCover’s contracts with our customers state that customers are responsible for the accuracy, quality, integrity, reliability, and appropriateness of data submitted to the CloudCover service and that customers must comply with applicable laws in using the CloudCover service.
Security: CloudCover maintains appropriate administrative, physical, and technical safeguards to help protect the security, confidentiality, and integrity of data our customers submit to the CloudCover service as customer data. CloudCover’s customers are responsible for ensuring the security of their customer data in their use of the service.
PROTECTION
CloudCover has privacy and security-conscious policies that apply to all of our information handling practices.
Contractual Privacy Protection for Customers
- CloudCover’s contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, such as when required by law.
- CloudCover agrees not to access customer's accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer's request in connection with a customer support issue, or where required by law.
Code of Conduct, Confidentiality Agreements, and Information Security Policies
- Every CloudCover employee and contractor must follow CloudCover’s code of conduct, sign confidentiality agreements, and follow CloudCover’s information security policies.
- For information collected on CloudCover’s Web site, cloudcover.it provides assurances around the types of information collected, how that information may be used, and how that information may be shared.
- CloudCover offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
- CloudCover offers individuals the opportunity to update or change the information they provide.
CloudCover’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.
Internal Training and Communications for CloudCover Personnel
CloudCover regularly communicates with our personnel about our obligation to safeguard confidential information, including customer data and personal information.
- CloudCover provides classroom training around confidentiality, privacy, and information security for all new employees during its monthly new hire orientation.
- All CloudCover personnel are required to complete an annual privacy and security training and are tested on the materials presented.
- CloudCover communicates with all personnel about privacy and information security awareness through monthly newsletters.
Customer End User Awareness
CloudCover strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
- We communicate with our customers about current issues and trends through our Trust web site.
- We email end users about specific security issues when warranted.
- We publish a Security Implementation Guide for customers to learn more about how to implement customer-controlled security settings. The Security Implementation Guide is available in the Help & Training section of the CloudCover service.
- The Security section of the Trust Web site includes a security webinar and various security-related white papers.
CloudCover has multiple organizations, teams, and individuals responsible for security and security-related matters. The Chief Trust Officer is responsible for CloudCover's security program and personnel, including information, product, and corporate security, enterprise risk management, and technology audit & compliance. The Global Privacy Counsel is responsible for CloudCover's privacy program, including compliance with applicable privacy and data-protection laws. Additionally, all CloudCover personnel are required to follow CloudCover's confidentiality, privacy, and information security policies.
CloudCover maintains a comprehensive array of technical measures to protect the CloudCover service and offers a robust set of customer-controlled settings to further heighten privacy and security protection.
Default Privacy and Security Features
Application features that protect customer data:
- Connection to the CloudCover service is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
- Customer passwords are not accessible by CloudCover personnel.
- Application logs record the creator, last updater, timestamps, and originating IP address for every record and transaction completed.
Logical separation of customer data:
- Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
- Multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
- The CloudCover service supports delegated authentication.
Network security measures:
- Multiple layers of external firewalls
- Intrusion-detection sensors
- Security event management system
- Continuous external vulnerability scanning
Redundancy and Scalability
The CloudCover service is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.
All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore the CloudCover service in the case of a catastrophic loss.
In addition to our disaster-recovery capabilities, customer data is also backed up to tape in a separate data center. Tapes are not transported offsite from this data center, reducing the risk of loss.
Customer-Controlled Privacy and Security Settings
- Customers may determine which of their respective designees can access different categories of data.
- Customers may set customizable password rules.
- Customers may define log-off times for inactivity.
- By default, CloudCover's Identity Confirmation feature automatically recognizes whether a user is logging in from an IP address or device that has been previously used. Unrecognized IP addresses or devices prompt identity re-verification.