Authentication and Access Management
End users may log in to CloudSaver using identities and credentials established on the CloudSaver platform or via the “Sign-in with Google” OpenID service. This service will authenticate an individual’s identity and may provide the option to share certain personally identifying information with CloudSaver, such as the user’s name and email address to pre-populate our sign up form.
Protection of Customer Data
CloudSaver utilizes encryption at various points to protect customer data and CloudSaver secrets, including encryption at rest (e.g. AES-256), and KMS-based protections for the protection of secrets (passwords, access tokens, API keys, etc.).
Access to customer data is limited to functions with a business requirement to do so. CloudSaver has implemented multiple layers of access controls for administrative roles and privileges. Access to environments that contain customer data requires a series of authentication and authorization controls, including Multi-Factor Authentication (MFA). CloudSaver enforces the principles of least privilege and need-to-know for access to customer data, and access to those environments is monitored and logged for security purposes. CloudSaver has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms, and enforces full-disk encryption and unique credentials for workstations.
In this article