It all begins with the data. UserClouds stores all data encrypted-at-rest, and transmits all data over HTTPS. We use principles of least-access to ensure that people and machines only have access to the data they need to do their jobs, and that data is only accessible to those who actually need it.
We use industry-standard tools and policies to ensure that our application keeps our customers and their data as secure as possible. We regularly engage some of the world’s leading application security firms for open- and closed-source penetration tests, and run a suite of continuous security scanners to detect and mitigate issues as they arise.
UserClouds operates on top of AWS (and soon, GCP), and takes advantage of all of the security features they have to offer, including things like AWS Secrets Manager, Security Group auditing, and log analysis to keep our infrastructure as secure as possible.
UserClouds operates a bug bounty to reward ethical hackers & security professionals for responsibly alerting us to flaws in our software. We’re in the process of migrating this to HackerOne, but in the meantime please email us at firstname.lastname@example.org