The scope of this document relates to the Celigo CloudExtend product line as well as the employees under the Celigo CloudExtend brand.
We would like to make two things clear. First, we respect your privacy and make significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about. We go to considerable lengths to ensure that all data is handled securely – keeping our Apps and your data secure is fundamental to our business.
- All of our services run in the cloud. CloudExtend does not run its own routers, load balancers, DNS servers, or physical servers.
- Our services and data are hosted in Amazon Web Services (AWS).
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
- All data sent to or from CloudExtend is encrypted in transit using 256-bit encryption.
We’ve included checklists below that answer common security-related questions we hear from our customers.
Secure Storage and Communication
Physical Security of Data Hosting Location
Data is hosted in Amazon Web Services data centers. A brief summary is below, and detailed physical security documents are available at: https://aws.amazon.com/compliance/data-center/perimeter-layer/ and https://aws.amazon.com/compliance/data-center/controls/.
Amazon has very strict rules regarding access to the physical premises of their data centers. Only approved employees are authorized to enter, and 3rd party access is scrutinized based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound. Entry gates are staffed with security officers, monitors, and cameras. Entry badges for approved visitors require multi-factor authentication. Physical access to AWS data centers is logged, monitored, and retained. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open. Additionally, electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit.
When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.
Monitoring and Contact
Visit https://www.celigo.com/gdpr for up-to-date information on our GDPR readiness.