We know how critical your data is to you, so security is at the forefront of everything we do.
- All Cloudcraft data and communications are encrypted using industry best practices:
  - Encryption At-Rest: All databases and disk volumes are encrypted using industry standard AES-256 encryption.
  - Encryption In-Transit: All communications with Cloudcraft services and APIs use Transport Layer Security (TLS/SSL) for secure connections. There is no non-TLS option for connecting to Cloudcraft. View our Qualys SSL Labs Report.
  - Encrypted Backups: All customer data is continuously backed up, with point-in-time recovery and hourly snapshots stored encrypted. We also validate our data recovery procedures regularly.
  - Encryption Keys: All Cloudcraft encryption keys are stored in FIPS 140-2 validated hardware security modules managed by Amazon.
- Data Privacy: No Cloudcraft staff will access your data unless required for support reasons. When working a support issue we only access the minimum data needed to resolve your issue while respecting your privacy.
- Access Controls: All the data, such as your diagrams, is by default private and only accessible by you. If you explicitly share something with someone else, you can always revoke the access later.
- User Credentials: All user passwords are salted and strongly hashed with scrypt before storage and cannot be recovered by Cloudcraft staff. When using a Google account to access Cloudcraft, no user credentials are stored on the Cloudcraft servers.
- 2FA/MFA: Optional Two-Factor Authentication support is available for an additional layer of protection of your account.
- Data Center: The Cloudcraft service is hosted in AWS’s highly secure data centers (ISO 27001, PCI-DSS, SOC 1 certified).
- Secure Configuration Management: Cloudcraft uses code reviews, automated testing and automated deployments, with servers continuously kept up to date with the latest security errata.
Cloudcraft Live allows you to optionally sync your AWS environments with your diagrams. Live was designed from the start to take maximum advantage of the latest AWS security best practices. Specifically, Cloudcraft makes use of cross-account roles, the secure way to access your AWS environment:
- No IAM users need to be created or access keys exchanged. Exchanging access keys is an outdated practice with inherent security risks.
- Instead, you create a read-only role in your AWS account that is specific to Cloudcraft and can easily be revoked at any time.
- As an alternative to the simple read-only role, you can also use a strict minimal access policy to further minimize the amount of data the Cloudcraft role could theoretically access.
- Cloudcraft always uses an external ID when assuming the cross-account role, to protect against the so-called "confused deputy" problem.
- Cloudcraft does not persist any of the live data from your AWS environment. Cloudcraft only stores ARNs, unique identifiers for resources in AWS, with your diagrams. The data from your AWS environment is then streamed in real-time to your browser via Cloudcraft's own AWS environment using the role-based access.
Cloudcraft Live provides a safe and secure way for you to visually explore your AWS environment.
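A customer-side check of the cross-account role described above, as an added example that is not Cloudcraft's own code: it audits a role's trust policy for a pinned principal account and an `sts:ExternalId` condition. The account ID, external ID and both sample policies are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit an IAM role trust policy for a third-party cross-account role.
# All account IDs, external IDs and policies below are constructed placeholders.
VENDOR_ACCOUNT = "111122223333"

def _policy(condition=None):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

WEAK = _policy()  # trusts the vendor account but requires no external ID
HARDENED = _policy({"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # A principal is either a bare 12-digit account ID or an ARN (account is field 4).
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(policy, vendor_account):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or "sts:assumerole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in aws:
            if p == "*":
                findings.append("wildcard principal")
            elif _account_of(p) != vendor_account:
                findings.append(f"unexpected principal: {p}")
        # Condition keys are case-insensitive, so normalise before the lookup.
        cond = stmt.get("Condition", {})
        string_equals = {k.lower(): v for k, v in cond.get("StringEquals", {}).items()}
        if not string_equals.get("sts:externalid"):
            findings.append("no sts:ExternalId condition (confused deputy exposure)")
    return findings

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(policy, VENDOR_ACCOUNT) or "OK")
```

The same function can be run over the `AssumeRolePolicyDocument` of any role exported from your account to confirm that every third-party trust relationship carries an external ID.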
If you subscribe to Cloudcraft's paid plans, your credit card data is not transmitted through nor stored on our systems. Instead, we use a payment processor called Stripe, a company entirely dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe’s security online.
Please email us directly at firstname.lastname@example.org
We strive to keep Cloudcraft safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are directly sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.
If you have questions regarding a specific policy or general inquiries regarding security, please contact Cloudcraft support.