Menu
We take our responsibility to help protect your data and environments which starts with protecting our own.
Building Security is one thing — providing it is another.
Cloud Aisle’s security and compliance posture is governed by a custom Cloud Aisle Information Security Management System (ISMS). This ISMS is developed by looking at external compliance regimes (SOC2, ISO, etc.), best practices from organizations like SANS and AWS, and internal Cloud Aisle requirements.
Cloud Aisle systems and personnel are expected to abide by the requirements in the ISMS and its sub-policies and procedures. This activity is then mapped to external compliance regimes to provide evidence for our auditors. Cloud Aisle currently audits against SOC2 and ISO27001 on an annual basis. In addition to these regimes, we are able to map our ISMS to many other regimes or requirements at customer request.
Many Cloud Aisle products and services require that customers provide some form of access to customer-controlled AWS accounts to Cloud Aisle personnel. This access is protected using native AWS security tools like Identity and Access Management (IAM).
Any access to customer infrastructure starts with the Cloud Aisle resource authenticating to Cloud Aisle’s IAM tooling (currently Okta) which requires Multi-Factor Authentication (MFA). Note that only roles that require customer access are allowed to authenticate following a least privilege model and all authentications on the Cloud Aisle side are logged and audited.
Once authentication is complete, the Cloud Aisle resources may access the customer environment in a variety of ways.
AWS PortalCloud Aisle may interact directly with the AWS portal in the customer account to make manual changes or gather information.
AWS APICloud Aisle may use internal tools and open source tooling like Terraform to interact with the customer’s account through the AWS APIs.
AWS InfrastructureCloud Aisle may use AWS Systems Manager (SSM) to interact with customer AWS infrastructure such as EC2 instances.
Cloud Aisle differs from many of your SaaS partners in that our job is to help manage your AWS environment. Your data will stay in your AWS accounts with full access to your team and under your control. Cloud Aisle does not collect, process or store any data that you have in your AWS account.
Cloud Aisle does collect data about the team we will interface with — primarily contact information like names, emails and phone numbers. We also collect data that we need for billing — this includes the usage generated in your AWS environment. Data that Cloud Aisle collects is protected both in transit (using common protections like TLS) and at rest using standard AWS encryption techniques.
Cloud Aisle is capable of assisting customers with a wide range of security needs. You can visit our Cloud Aisle One product page for more information. This section details Cloud Aisle’s approach to security for our internal systems.
Identity & Access ManagementCloud Aisle may interact directly with the AWS portal in the customer account to make manual changes or gather information.
Security EducationCloud Aisle may use internal tools and open source tooling like Terraform to interact with the customer’s account through the AWS APIs.
Endpoint ProtectionCloud Aisle may use AWS Systems Manager (SSM) to interact with customer AWS infrastructure such as EC2 instances.
Cloud Aisle believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Vanta’s service, please notify us; we will work with you to resolve the issue promptly.
Cloud Aisle is providing this service to help ensure a safe and secure environment for all of its users. As such, any users believed to be engaging in the below activities will have their user credentials immediately deactivated.
While researching, we’d like you to refrain from:
Cloud Aisle is always open to feedback, questions, and suggestions. If you would like to contact us, please email us at info@cloud-aisle.com.
