Product Security
Product security is of paramount importance at CloudSaver. CloudSaver uses a software development lifecycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security oriented software defects are able to be discovered and addressed more rapidly than in longer release cycle development methodologies. Software patches are released as part of our continuous integration process. Patches that can impact end users will be applied as soon as possible but may necessitate end user notification.
CloudSaver performs continuous integration. In this way we are able to respond rapidly to both functional and security issues. Well defined change management policies and procedures determine when and how changes occur. This philosophy is central to DevOps security and the development methodologies that have driven CloudSaver adoption. In this way, CloudSaver is able to achieve extremely short mean time to resolution for security vulnerabilities and functional issues alike. CloudSaver is continuously improving our DevOps practice in an iterative fashion.
SOC2® Type II
CloudSaver has an AICPA SOC2® Type II examination performed on an annual basis based on the trust services criteria relevant to security. The SOC2® Type II report validates the design and operating effectiveness of CloudSaver’s operational and security processes that support our SaaS solutions.
ISO 27001:2013
CloudSaver is ISO 27001:2013 certified. This certification is an internationally recognized standard for information security management systems that helps organizations protect their assets and data from potential threats. Its achievement demonstrates that CloudSaver has invested the time, technology, and resources to provide its clients with security consistent with international best practices.
GDPR
The General Data Protection Regulation (GDPR) is a set of rules adopted by the European Union (EU) and United Kingdom (UK) for the protection of personal data. CloudSaver adheres to the GDPR rules for the personal data we process. For more information on personal data processed, data subject rights, and contact information please see CloudSaver’s Privacy Policy.
Physical Security
The CloudSaver infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls for CloudSaver production servers, which includes buildings and locks or keys used on doors, are managed by these CSP’s.
Corporate Security
CloudSaver individually authenticates users by way of a central identity provider and leveraging two factor authentication wherever possible.
All CloudSaver personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees participate in securing our customer data and company assets.
In this article