-
CLOUDBASIX Products Inherit Cloud Provider's Security Compliance
All CLOUDBASIX products are distributed as virtual machine images that deploy within your Virtual Private Cloud (VPC). This approach ensures that data processing remains secure, as it never leaves your private cloud.
All products are cloud-native solutions, which come as pre-configured - scanned by AWS or other cloud providers security scanners - machine images (i.e. Amazon AMIs), launched as a VM/EC2 within your VPC, without the need to assign public IPs. You retain full control of the software with administrative access to the underlined OS, allowing you to conduct security scans, independently of the previously conducted scan using cloud provider tools.
Important: As CLOUDBASIX support engineers do NOT have access to customer networks, customers are responsible to keep CLOUDBASIX instances' underlined OS and CLOUDBASIX software up to date, continuously apply latest security updates.
Same security scanning rules apply to each incremental update package - each incremental update is updated into an instance from which a new AMI is produced and passed through cloud provider security scanners. While fully automated mechanism to apply incremental updates is available via the UI console, to allow customers to scan incremental updates before they reach their environments, a semi-automatic update mechanism is in place, to allow downloading of update packages and running the image through their own security scanners, prior to applying updates into instances which run within their Virtual Private Networks (VPCs).
AWS Compliance AWS Compliance FAQ
Infrastructure-level security
Cloud-native solutions - process data safely inside your infrastructure, ensuring your data stays as secure as the security of your infrastructure.
Always in compliance
Because data (replicated by CloudBasix instances deployed in your VPCs) moves within your cloud environment, it never leaves your regulatory-compliant environment, allowing you to comply with further industry security requirements.
Limited Virtual Private Cloud (VPC) instance information sharing
Data being replicated moves within your cloud environment, never leaves your regulatory-compliant environment. However there are a few cases in which limited information about the CLOUDBASIX instances, which are deployed in customer's VPCs is shared with CLOUDBASIX:
1. Checking for software updates and download of update packages (customer initiated) - software and build versions are submitted to CLOUDBASIX API in order to determine if an update is available. If user selects to apply an update automatically, an update package is downloaded into the instance and installed. Semi-manual update option is available, which allows to download the update package, run it through security scanners, and then apply it manually.
2. Applicable only to instances launched under subscription with direct CLOUDBASIX billing: for all subscription plans, including annual, once during instances activation (customer initiated), and once monthly thereafter (auto-initiated), a request to CLOUDBASIX API is triggered (VPC outbound request), which activates/confirms the subscription status of the instance. Limited instance information is submitted to CLOUDBASIX API, which is limited to instance license key, instance type and size, cloud region, customer email and name used during instance activation.
Customers in the Regulated Financial Industry
Customers in the Regulated Healthcare Industry