Security of users data and sensitive information is CloudMonix's primary concern.  Netreo, the company that owns and maintains CloudMonix is a Microsoft partner and has been performing Azure monitoring and automation for hundreds of companies worldwide.  


Below, are policies and procedures that have been implemented in order to ensure that any and all sensitive information is secured


Architectural considerations

  • Two factor authentication is utilized for user authentication
  • All data transfers (internal and external) occur only over SSL
  • Data in Credential Vault is encrypted at multiple levels, at rest and at transfer
  • Private data in Credential Vault is never returned to CloudMonix portal or thru any APIs.  Even if a user's login/password is compromised.
  • Transactional data (ie: metrics, logs, statistics) is stored securely in Azure storage
  • OAuth 2.0 with expiring Bearer tokens is utilized for communication with CloudMonix's API


Procedures

  • Production access within CloudMonix development and support teams is strictly controlled
  • All internal production credentials are encrypted even within CloudMonix source control systems to prevent developers from being able to access production environments.  Access to decryption keys is strictly controlled.