Security at CloudM

CloudM takes a defense-in-depth approach to protecting our systems and your data. To keep up to date with the latest regulations, practices, and laws, we have a team of security experts working non-stop to keep CloudM at the forefront of digital security protection.

ISO 27001

CloudM is ISO 27001-compliant.

ISO 27001 is one of the most popular information security standards in the world, focusing on protecting three key aspects of information: confidentiality, integrity, and availability.

  • Confidentiality means that the information is not available or disclosed to unauthorized people, entities, or processes.
  • Integrity means that the information is complete, accurate, and protected from corruption.
  • Availability means that the information is accessible and usable as and when authorized users require it.

Cyber Essentials

CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually. 

The National Cyber Security Centre (NCSC) is a UK government organization set up to provide practical guidance to large organizations, SMBs and the general public to nurture the UK’s cyber security capability. 

The Cyber Essentials scheme was introduced as a way for companies to gain a clear picture of the cybersecurity measures they or their suppliers have in place. While participation in the Cyber Essentials scheme is voluntary, taking part shows an organization’s commitment to keeping itself and its customers safe.

As part of our continuous efforts to achieve the highest data security standards, CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually.

HIPAA compliance

Our customers trust us to ensure they comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which standardizes how organizations keep private health information of US patients safe.

Our Business Associate Agreement is available upon request.

NCSC security principles

In addition to the Cyber Essentials scheme, the NCSC publishes guidance on a number of cybersecurity topics, such as cloud security.

The guidelines cover everything from personnel security to the physical tampering of data.

We believe that transparency in security is vital, and so have outlined exactly how CloudM meets these principles in greater detail in our knowledge base.

Data privacy

The security and privacy of our customers’ personal data is at the core of everything we do.

We constantly monitor regulatory changes in our key markets and ensure that our products and documentation remain up to date and compliant with the relevant privacy and security requirements, including:

  1. the General Data Protection Regulation (EU) 2016/679 (EU GDPR), Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and the EU Digital Operational Resilience Act (DORA);
  2. the UK Data Protection Act 2018 (DPA 2018) implementing the EU GDPR in the United Kingdom (UK GDPR), and the UK Privacy and Electronic Communications Regulations 2003;
  3. the US Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), the California Consumer Privacy Act (CCPA) and the proposed American Privacy Rights Act (APRA).

You can find out more about how we handle personal data in our Privacy Notice and standard Data Processing Addendum, or by contacting CloudM’s legal team at legal@cloudm.io.

Pen tests

New features, software updates and new attack mechanisms leave organizations susceptible to outside attacks. Penetration tests (often known as pentests) are a common tool used to find potential security risks within a computer system: they simulate a cyberattack and evaluate the system’s response.

CloudM works with a third party on a regular basis to execute pentests, identify any vulnerabilities within our systems and resolve these as required. To ensure that our systems are secured against external and internal threats, our pentests include checks with full access.

Code analysis

At CloudM we use Snyk to secure our code, open source dependencies and container images. Snyk is a developer security platform that enables application and cloud developers to secure their whole application by finding and fixing vulnerabilities from their first lines of code to their running cloud.

CloudM also uses GitHub Dependabot to automate the discovery and upgrade of third-party dependencies within our software products.

Secure coding practices

Secure coding is the practice of writing code in a way that prevents system vulnerabilities from being accidentally introduced later. It is therefore an essential way in which software developers can protect their products and systems from cyberattacks and insider threats.

CloudM’s developers follow secure coding practices throughout the planning and development of our products and their features, significantly improving the security of our customers and our own systems.
