We respect your privacy and go to
significant lengths to protect your data
We would never do anything with your data that we wouldn’t be proud to tell the world about. We go to considerable lengths to ensure that all data is handled securely – keeping our apps and your data secure is fundamental to our business.
Infrastructure
- All of our services run in the cloud. CloudExtend does not run our own routers, load balancers, DNS servers, or physical servers.
- Our services and data are hosted in Amazon Web Services (AWS).
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Data Transfer
- All data sent to or from CloudExtend is encrypted in transit using 256-bit encryption.
If you detect or suspect a security incident related to CloudExtend, please email us.
DATA PROTECTION
25k
More than 25K users trust us to safeguard their data
CONTINUOUS MONITORING
24/7
Nonstop security oversight of our app
99%
99.99% Uptime and continuous backup of customer data
Regulatory Compliance Readiness
CloudExtend is committed to following the most trusted security standards in the world, and proves it with audits and accreditations.
- SOC2 – Celigo and CloudExtend’s SOC 2 reports are available upon request.
- GDPR – We can execute a DPA for customers interested in EU and UK GDPR Privacy.
- CCPA – Celigo’s CloudExtend is CCPA Ready.
- FERPA – We manage in-process data securely, so educational institutions and their suppliers can continue to rely on our products for their integrations.
Our Security Measures Set Us Apart
At CloudExtend, our customer’s security is at the forefront of how we develop our apps and protect data. Our customers depend on us to not only safeguard their subscription data, but also to maintain ongoing service continuity.
To exceed our customer’s expectations, CloudExtend has incorporated multiple layers of security in our apps, such as role-based controls, 2FA, MFA and SSO support.
CloudExtend has also invested in the appropriate processes, resources and compliance measures to safeguard our customers. Our security framework also incorporates audits and accreditations such as GDPR, CPRA, FERPA, as well as SOC1 for CloudExtend and SOC2 for Celigo. Reports are available upon request.
-
ROLE-BASED ACCESS CONTROL
CloudExtend products adhere strictly to NetSuite’s RBAC for user-interactive features.
-
2FA, MFA, AND SSO SUPPORT
CloudExtend apps support multi-factor authentication (MFA) and single sign-on (SSO).
-
SOFTWARE CONTINUITY
Our customers can count on the availability of our apps and any applicable data to all authorized users.
-
PROCESS, CONTROLS AND COMPLIANCE
Proactively comply with worldwide regulatory standards and follow processes and controls to maintain compliance.
Commonly Requested Data Security Information
Employee Security
| Question | YES NO N/A |
|---|---|
| Is there a formal and approved information security policy? | Yes |
| Is there a clearly defined acceptable use policy for computer use, and is it enforced? | Yes |
| Are there clearly defined hire and termination policies and procedures? | Yes |
| Are background checks performed as a part of your new hire procedures? | Yes |
| Are there proper procedures for granting and revoking permissions upon hire and termination based on job duties? | Yes |
| Is there a security awareness program? | Yes |
Secure Storage and Communication
| Question | YES NO N/A | Comments |
|---|---|---|
| Do you store any customer related information? | YES | We may store user name, company name, address, and email for licensing and billing purposes. We also may store account related metadata information. Additionally we capture usage details via 3rd party applications. Examples would include login attempts, number of records updated, type of record updated. CloudExtend Excel for NetSuite may persist data on Amazon S3 when uploaded via “Burst Mode”. Data is persisted only until it has been processed by NetSuite and downloaded by the user after which it is immediately deleted from S3. The data is encrypted on write with Amazon S3-Managed Encryption Keys SSE-S3). |
| Do you ensure that all data stored and transferred is encrypted? | Yes | |
| Has a data encryption and storage policy and procedure been defined? | Yes |
Data Hosting Location
Amazon has very strict rules regarding access to the physical premises of their data centers. Only approved employees are authorized to enter and 3rd party access is scrutinized based on the principle of least privilege where request must specify to which layer of the data center the individual needs access, and are time-bound. Entry gates are staffed with security officers, monitors, and cameras. Entry badges for approved visitors requires multi-factor authentication. Physical access to AWS data centers is logged, monitored, and retained. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open. Additionally, electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit.
When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.
Network Security
| Question | YES NO N/A | Comments |
|---|---|---|
| Is the hosting infrastructure protected by a firewall? | Yes | The firewall is enabled in the AWS infrastructure |
| Is there an IDS or IPS monitoring the network? | Yes | This is enabled in the AWS infrastructure |
| Are servers on dedicated network segments? | No | Our infrastructure is hosted on Amazon AWS |
Server Security
| Question | YES NO N/A | Comments |
|---|---|---|
| Do servers with customer data enforce a minimum password length of 8 or more characters? | Yes | A minimum of 128 bit security keys are used to access AWS. |
| Is two-factor authentication (2FA) used? | Yes | For access to AWS security console 2FA is enabled |
| Is a Host Intrusion Detection System used? | Yes |
Desktop Security
| Question | YES NO N/A | Comments |
|---|---|---|
| Does the organization require a minimum password length of 8 or more characters? | Yes | |
| Is there a password rotation policy? | No | No rotation policy for user desktops/laptops. Rotation policy applies for master password to the cloud Identity and Access Management provider used for accessing all other systems / software. Policy requires that the master password is never stored (saved) by the user |
| Is two-factor authentication used? | Yes | Access to cloud IdP is protected by 2FA |
| Does the organization require all desktops to have antivirus software? | Yes | |
| Are all desktop computers part of a domain? | No | |
| Are users allowed to install applications? | Yes | |
| Are users keyboard and monitors recorded? | No | |
| Are users network activity recorded? | No |
Monitoring and Contact
| Question | YES NO N/A | Comments |
|---|---|---|
| Is there a 24/7 contact number for outages? | No | Status updates are provided at status.cloudextend.io We’ll generally know of outages before customers report them.We have internal processes that monitor our API’s and proactively alert staff on standby. Customers can also report outages on the status page. |
| Is there a 24/7 contact number for security incidents? | No | We’ll generally know of incidents before customers report them. We have internal processes that monitor our API’s and proactively alert staff on standby. Incidents can be reported to [email protected] |
| Are logs and events monitored | Yes | |
| For planned maintenance, can customer be notified? | Yes | |
| For security incidents, can customer be notified? | Yes |
“Keeping our apps and your data secure is fundamental to our business. CloudExtend products adhere strictly to NetSuite’s Role Based Access Control (RBAC) for user-interactive features.”
Sameera Perera
Senior Director of Engineering
CloudExtend
Learn more about Sameera’s views on RBAC and why choosing a
vendor that takes a shortcut approach will leave you vulnerable
Learn More about CloudExtend
Blog
Read about CloudExtend product updates, industry trends, and current events.
Events
Find out where the CloudExtend team will visit next.
Webinars
Watch a CloudExtend webinar to learn best practices for NetSuite, Salesforce, and Excel usage.
Resources
Read the latest CloudExtend ebooks, case studies, white papers and other collateral.
Ready to Get Started?
Start a free trial. No credit card required.
