Written By Vikas Dakshinamurthy, Business Analyst
Contributor Karthikeya Sinha, Chief Product Architect
CloudEnsure – Access & Security
CloudEnsure is a Cloud Governance Platform built to support multi-cloud environments with a focus on cloud-native security. Cloud security refers to the discipline and practice of protecting cloud computing environments, applications, data, and information. It mainly secures cloud environments against unauthorized access, data breaches, DDoS attacks, and other risks. This also includes user management and privileges (IAM), the encryption and protection of sensitive data, and the ability to meet compliance requirements.
Because of the points above, security is the topmost priority: CloudEnsure was implemented with these best practices in mind and takes care of all the security aspects with utmost care once your cloud accounts are onboarded.
CloudEnsure’s Architecture
- Application – CloudEnsure is hosted on AWS. It uses multiple frameworks embedded together to apply the best available methodologies and practices. The front end is developed using Vue.js, and the backend uses different technology stacks depending on the use case.
Application Framework
- Vue.JS
- Bootstrap
- Python
- Java
- Infrastructure – We have a total of 3 environments: Development, UAT Staging, and Production. All of these environments are hosted on AWS. CloudEnsure follows defined policies to control access specific to each environment.
How secure is your data on CloudEnsure?
- The CloudEnsure SaaS version utilizes only the metadata about your cloud infrastructure; it does not read any information from the services themselves, and no application-specific data is used for any purpose. This ensures that no customer or account data is accessed by CloudEnsure.
- CloudEnsure is a single-tenant application, and customer data is isolated at the tenancy level.
- CloudEnsure does not have access to any application data, whether stored in storage services, on servers, or in any other resource in your cloud account. CloudEnsure follows role-based access control (RBAC), i.e. a role-based access restriction system that admits authorized users only, and creates temporary security credentials that are used for read-only access to metadata about the resources and infrastructure.
- For fetching data or information from the cloud accounts, CloudEnsure uses TLS/HTTPS, so that the data is encrypted in transit. The retrieved metadata is stored with AES-256 encryption.
- For data backup and deletion, CloudEnsure stores metadata for 14 days for the Audit and Governance module and up to 90 days for cost analytics and savings module
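The read-only, temporary-credential access described above is what a customer grants when they create a cross-account IAM role for a metadata-only scanner. The following is an added example (not CloudEnsure's code or its actual policy documents) of a pre-onboarding check a defender can run on such a role: it confirms that the trust policy only admits the vendor's account and requires an `sts:ExternalId`, and that the permissions policy grants only Describe/List/Get actions while flagging "read" actions that actually return application data or secrets (for example `s3:GetObject`). The vendor account id, external id, policy documents and the `DATA_ACCESS_ACTIONS` list are constructed sample values and assumptions, not values from the page.

```python
from fnmatch import fnmatchcase

# Constructed sample values. A real deployment uses the vendor's published account id
# and a random, secret external id agreed out of band.
VENDOR_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"

# Action verbs that only describe or enumerate resources (metadata).
READ_ONLY_PREFIXES = ("Describe", "List", "Get")

# "Read" actions that nevertheless return application data or secrets.
# Illustrative, not exhaustive: extend for the services present in the account.
DATA_ACCESS_ACTIONS = {
    "s3:GetObject", "secretsmanager:GetSecretValue", "ssm:GetParameter",
    "ssm:GetParameters", "ssm:GetParametersByPath", "dynamodb:GetItem",
    "dynamodb:BatchGetItem", "kms:Decrypt", "lambda:GetFunction",
}

# Constructed sample policies: a least-privilege pair and a weak pair.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "s3:GetBucketLocation",
                   "iam:List*", "iam:Get*"],
        "Resource": "*",
    }],
}
TRUST_POLICY_WEAK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}],
}
PERMISSIONS_POLICY_WEAK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ec2:Describe*", "s3:*", "s3:GetObject"],
                   "Resource": "*"}],
}


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(doc, vendor_account_id):
    """Return a list of problems with who may assume the role."""
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in principals:
            if p == "*":
                findings.append("trust policy allows any AWS principal")
            elif vendor_account_id not in str(p):
                findings.append(f"unexpected principal {p}")
        external_id = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            findings.append("sts:ExternalId condition missing (confused-deputy risk)")
    return findings


def _is_read_only(action):
    """True if the action (possibly a wildcard such as ec2:Describe*) is metadata-only."""
    service, _, verb = action.partition(":")
    if action == "*" or not verb or verb == "*":
        return False
    return verb.startswith(READ_ONLY_PREFIXES)


def permissions_policy_findings(doc):
    """Return a list of actions that exceed read-only metadata access."""
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("NotAction grants everything except the listed actions")
        for action in _as_list(st.get("Action", [])):
            data_hits = sorted(d for d in DATA_ACCESS_ACTIONS if fnmatchcase(d, action))
            if not _is_read_only(action):
                findings.append(f"non-read-only action {action}")
            elif data_hits:
                findings.append(f"{action} can read customer data ({', '.join(data_hits)})")
    return findings


def is_least_privilege(trust_doc, perms_doc, vendor_account_id):
    """True only when both documents pass every check."""
    return not (trust_policy_findings(trust_doc, vendor_account_id)
                + permissions_policy_findings(perms_doc))


if __name__ == "__main__":
    for label, trust, perms in (("good", TRUST_POLICY, PERMISSIONS_POLICY),
                                ("weak", TRUST_POLICY_WEAK, PERMISSIONS_POLICY_WEAK)):
        print(label, "least privilege:", is_least_privilege(trust, perms, VENDOR_ACCOUNT_ID))
        for f in trust_policy_findings(trust, VENDOR_ACCOUNT_ID) + permissions_policy_findings(perms):
            print("  -", f)
```

The prefix check alone is not enough: `s3:GetObject` and `secretsmanager:GetSecretValue` look read-only but return the very data a metadata-only integration promises never to touch, which is why the second list exists. `Resource: "*"` is deliberately not flagged, because most Describe and List calls are not resource-scoped.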
Data Encryption
CloudEnsure services use TLS/HTTPS secure communication to interact with data storage. The Advanced Encryption Standard (AES) is used for server-side encryption, with strong keys that are created, stored, and controlled using AWS KMS (Key Management Service) and Azure Key Vault.
CloudEnsure supports the following CSPs, with the access level required for each:
| Customer Accounts | Access level |
| --- | --- |
| AWS | Role-based access |
| Azure | Key-based access |
| GCP | Granular access |
| Other third-party tools | Key-based access |
The CloudEnsure SaaS version uses the security best practices made available by each cloud platform it supports. This lets us provide increased security while communicating with AWS (role-based access), Azure services (key-based access), GCP (granular access) and third-party tools (key-based access); Azure REST APIs are called over HTTPS to ensure the privacy and integrity of data.