Cloud Cruiser recognizes that the data you are entrusting to our application is both sensitive and vital to your ability to run your business. That is why we work to ensure that your data is secure and accessible only to those who have the need and right to see it.
Amazon Web Services (AWS) provides the cloud infrastructure upon which the Cloud Cruiser application runs, and serves as Cloud Cruiser’s secure datacenter. This infrastructure is designed for security and is monitored constantly for network and security issues. For more information about AWS security, see the AWS documentation at https://aws.amazon.com/security/.
Cloud Cruiser stores customer data in a private network. This network is behind a firewall and therefore not accessible to requests from the Internet. In addition to the basic firewall security provided by AWS, Cloud Cruiser restricts traffic internally and externally using Amazon Security Groups, and both private and public sub-networks. The network is highly segregated, with each resource type in its own sub-network, and access is carefully granted through firewall rules. Only authenticated Cloud Cruiser users can access endpoints on the private network.
All data is partitioned by tenant, and all authenticated requests are scoped to a tenant (or a user within a tenant, where applicable). This partitioned multi-tenant architecture limits access to the data associated with each authenticated tenant, thus preventing the possibility of one tenant having access to another’s data.
User permissions within the application itself are highly granular, ensuring that access to information can be very tightly controlled – users can see what they need to, and no more. The application is tested for common security issues, including cross-site scripting and SQL injection/parameterized query attacks.
AWS is ISO 27001 certified, and most of the AWS infrastructure used by Cloud Cruiser is PCI compliant and covered by SOC 1, SOC 2, and SOC 3 reports. The PCI and HIPAA standards do not apply to Cloud Cruiser because we do not handle payment card data or protected health information.
Cloud Cruiser's Data Privacy and Security Agreement is displayed when you sign up to use Cloud Cruiser. You can read the Agreement at any time on the Cloud Cruiser Web site.
This section lists common questions and answers about Cloud Cruiser security and how Cloud Cruiser protects your data.
Cloud Cruiser stores and encrypts the following provider credentials so you can collect usage and billing data:
Cloud Cruiser shares aggregated data with certain partners. This data is only intended to indicate industry trends in cloud usage, and does not include any information that can be used to identify a specific company or individual.
Cloud Cruiser encrypts all credentials in our database using Triple DES encryption.
Cloud Cruiser encrypts your cloud platform credentials. For Azure collections, Cloud Cruiser also encrypts the token used to authenticate the Microsoft account used to connect Azure subscriptions to your collection. For Google collections, Cloud Cruiser encrypts the authentication token for the Google account used to connect with Google Cloud Platform.
Triple DES with 192-bit keys.
No employees of Cloud Cruiser have direct access to any of the sensitive information we store.
If someone had access to the provider credentials stored in Cloud Cruiser they would have access to your usage and billing data. This does not include any payment information such as a credit card number.
If you have configured Cloud Cruiser to purchase, sell, and modify reserved instances (RIs) for you, and have granted the corresponding permissions in your Amazon Web Services accounts, then the person in possession of your credentials would be able to purchase, sell, and modify RIs using those AWS accounts.
The cloud provider permissions required by Cloud Cruiser are not sufficient to change a password or lock a cloud provider account in some other way.
Only select Cloud Cruiser employees have the administrative access to change a customer's access to the application.
Yes. Per industry-accepted standards, Cloud Cruiser applies security updates to its systems regularly using the Chef configuration management tool.
While Cloud Cruiser does not run regular penetration tests to identify vulnerabilities in system security, the underlying host provider (AWS) does perform these tests on its systems and applications. For more information, see https://aws.amazon.com/security/penetration-testing/.
Though Cloud Cruiser systems are not at high risk for viruses and malware, its underlying AWS systems do use antivirus and malware-prevention software.
Cloud Cruiser does not use a typical IDS/IDP system to monitor traffic at the perimeter of the network boundary.
While Cloud Cruiser has not implemented a formal DR/BCP, disaster recovery is handled by the underlying AWS architecture.
Physical security of AWS data centers is implemented by Amazon. No Cloud Cruiser employee has physical access to the servers containing your data.
Yes, for Azure Active Directory and Google accounts. For details, see Signing in with Microsoft or Google.
To log in to Cloud Cruiser you need your user name and password. No additional authentication methods (such as smart cards or one-time passwords) are required.
Yes. Within the Cloud Cruiser application, Cloud Cruiser creates one Owner account for you. The Owner has full access to Cloud Cruiser features, and can partition feature access to other Cloud Cruiser user accounts at your site as he or she sees fit.
At the system level, Cloud Cruiser manages system accounts using the Chef configuration management tool.
Cloud Cruiser pulls the fields listed in the following table. For information about how Cloud Cruiser maps provider fields to normalized field names, see Field mapping.
|Amazon Web Services||Microsoft Azure||Google Cloud Platform|
Additionally, Cloud Cruiser pulls tags included in the Cost Allocation Report, as defined in AWS.
|Account Name |
Product Meter ID
Store Service Identifier
Unit Of Measure
|Account ID |
To help maintain security, Cloud Cruiser does not make system logs available. However, upon request Cloud Cruiser can send you limited audit information.