Security and Trust

Putting security first

Selecting a revenue intelligence platform that not only makes sense of your data, but enhances it to deliver highly accurate insights, predictions and recommendations is the best route to sales success.

and Trust

Security

Explore More

A highly secure cloud environment

To further enhance the security of our platform alongside our own measures, we use Amazon Web Services (AWS) as our cloud platform provider. AWS is renowned for its robust security measures, and we take advantage of the many security tools that they offer.

The platform has been reviewed and passed by AWS as part of their Foundational Technical review program.

We have taken the following steps to secure our cloud platform:

Web Application Firewall (WAF) enabled endpoints
Managed Distributed Denial of Service (DDoS) protection
Threat detection and continuous monitoring
IDS/IDP systems
Stringent Identity Access Management (IAM) controls
Regular Independent Penetration testing

Continuous microservice monitoring and logging
3rd-Party software & dependency monitoring
Support for API throttling and monitoring
The utilisation of a Secure AWS Virtual Private Cloud
OWASP aware code development practices

cloudapps Security & Trust

A trusted Salesforce partner

As a Salesforce AppExchange provider, we have to meet strict security and data management requirements, and undergo regular checks to ensure that our platform is safe and secure. Our platform has passed a rigorous security review from Salesforce and is regularly monitored to ensure its ongoing compliance. We also take great care to ensure that our code is of the highest quality, with no vulnerabilities or potential security problems, and that our data sharing is visible only to those who should have access.

From a data management security perspective, all data in Cloudapps services is encrypted at rest. Encryption at rest also enables continuity measures like backup management without compromising data security and privacy. Cloudapps exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.

We employ a number of measures to safeguard your data including:

Isolation of Production and Dev/Test environments
Multi-tenancy with logical client partitioning
AES-256 and AWS KMS encryption at REST
TLS and SHA256withRSA data encryption in transit
PITR data Backup
Secure MFA access & activity logging
Oauth 2.0 authentication for 3rd party system integration

cloudapps Security & Trust

Ensuring the continued safety of your data

Only those you give permission to should be able to access your data. To ensure this is the case, we follow industry guidelines and put in place stringent access security measures. These include:

Oauth JWT token access to services
Single sign on (SSO) using OpenId Connect
API Key access to services
Password encryption using Secure Remote Password (SRP)
Multi-Factor Authentication using SMS and TOTP
End-User role-based access
Session Monitoring and Timeouts
CSP Trusted Site and CORS for Salesforce integration

cloudapps Security & Trust

Single Sign-On

Cloudapps’s single sign-on (SSO) implementation prioritises security. SSO also improves user experience by streamlining login and improving access from trusted domains. Cloudapps currently offers SSO via Salesforce.com.

cloudapps Security & Trust

Our security compliance and accreditations

We follow industry best practice and have gained a range of recognised accreditations that demonstrate our commitment to security, safety and correct data management. In particular we are accredited by the Cloud Security Alliance, which means that we have suitable disaster recovery procedures in place and have implemented effective governance and change management processes. We also undergo a foundational technical review every three years to ensure that our approach to security and architecture is up to date.

Our security compliance measures and accreditations:

Certified by McAfee as Enterprise-Ready as part of their CloudTrust program
Annual penetration testing by leading CHECK, CREST qualified and ISO 27001 accredited provider
Compliance with OWASP Top 10 Secure Coding Principals
Amazon Web Services (AWS) Baseline Infrastructure Reviewed
Amazon Web Services (AWS) Foundational Technical Reviewed
Cloud Security Alliance CAIQ CSA's STAR Level 1 v4 submission
Supporting National Cyber Security Centre (NCSC) Cloud Security Principles

We believe in transparency

As you can see, we take the security of our platform and the protection of your data extremely seriously. We are always happy to share further information on the steps and precautions we take, do get in touch for a further conversation with our technical team if you have any questions.