As a result, we have put an enormous amount of time and energy into robust security practices. If elite paramilitary hackers broke into our data centers and took the physical servers, ran keyloggers on our machines, took snapshots of our DB, stole our laptops and ironkeys … they still wouldn’t have enough to compromise our users’ sensitive data.
Below are some highlights but if you’d like more detail, we’d be happy to arrange a call with someone on your team.
Your sensitive data is encrypted at every step of the way; we never receive or transmit unencrypted account information. We first encrypt it in the browser then re-encrypt with an even more secure algorithm (GPG RSA 3072-bit) once it reaches our servers.Only a specialized set of hardened servers (we call “strongboxes”) are able to read the encrypted blobs. The strongboxes accept no incoming connections of any kind so their instances must be killed and manually redeployed using strict security procedures when any changes are needed. All web connections are sent via 256-bit DigiCert High Assurance EV CA-1 SSL.
Cloudability is an official solution provider for Amazon Web Services. See our official AWS page
Cloudability’s data is stored on AWS data centers that have achieved ISO 27001 certification, PCI DSS Level 1 compliance, and SAS70 Type II. Learn more about AWS security
Cloudability’s site and security identity is validated by Verisign. When you see the VeriSign Trust Seal, it means that VeriSign has verified our identity and that the site has passed a daily malware scan.
Staff members do not have the ability to decrypt encrypted account data, and we use extensive best practices to keep your sensitive information secure.
If you’d like more detail about our approach to security, we’d be happy to arrange a call with a member of your team. Email support at cloudability.