A Cloud Guru

Platform Security




We use cookies to ensure you get the best experience on our website. If you agree to our use of cookies, please continue to use our site. For more information, see our privacy policy.Continue <ul> <li>Sign In</li> </ul> <ul> <li>A Cloud Guru</li> <li>Blog</li> <li>Resources</li> <li>Forum</li> <li>Careers</li> </ul> Close <ul> <li>Browse Learning</li> <li>For Business</li> <li>For Individuals</li> <li>Learn by Doing</li> <li>Pricing</li> <li> Close </li> <li>Get Started</li> </ul> <i> </i> Back<ul>Browse Learning<li> Courses<p>Build your modern tech skills with our comprehensive course library</p> </li> <li> Hands-on Labs<p>Get your hands cloudy and build skills on demand with 1,500+ guided labs</p> </li> <li> Learning Paths<p>Go from novice to guru in your chosen specialty</p> </li> <li>Browse All Learning &gt;</li> <li> </li> </ul> <i> </i> Back<ul>Browse Platforms<li> AWS<p>Learn from an AWS Advanced Consulting Partner</p> </li> <li> Azure<p>Learn Azure from our Microsoft MVP-led team</p> </li> <li> GCP<p>Prep for in-demand certs or go deep into advanced topics</p> </li> <li> Linux<p>Level up with 1,400+ hours of Linux learning</p> </li> <li>Browse AllSAVE 20%!</li> </ul> <ul>Hands-on Labs<li> Top Hands-on Labs<p>Find our most popular Hands-on Labs</p> </li> <li> By Platform<p>Find labs filtered by your preferred platform</p> </li> <li> By Specialty<p>Find labs focused on security, data, and other specialties</p> </li> <li>Browse AllSAVE 20%!</li> </ul> <ul> <li> AWS Developer<p>Take your dev skills from novice to guru</p> </li> <li> AWS Architect<p>Go from novice to guru as a cloud architect</p> </li> <li> AWS Data<p>Become a guru in all things data</p> </li> <li> AWS DevOps<p>Learn the time warping skills a DevOps guru needs</p> </li> <li> AWS Security<p>Become a master of defense and secure your cloud</p> </li> <li> AWS Executive<p>Build your cloud foundation to better define strategies and priorities</p> </li> <li>Browse AllSAVE 20%!</li> </ul> <ul> <li>Sign In</li> </ul> Close <ul> <li>Get Started</li> </ul> ACG PoliciesPlatform and Operational Security Policies <ul> <li> Privacy Policy</li> <li> Code of Conduct</li> <li> Terms of Use</li> <li> Platform Sub-processors</li> <li> Platform and Operational Security</li> <li> Technical and Organisational Measures (TOM)</li> <li> A Cloud Guru Hands-On Feature Terms</li> <li> Master Services Agreement</li> <li> Data Processing Addendum</li> </ul>Platform and Operational Security<p>Last updated: March 19, 2021</p>Overview<p>A Cloud Guru is committed to protecting your information. This document outlines the technical and procedural measures A Cloud Guru employs to protect Customer Data.</p> <p>If you have any additional questions, please feel free to contact us at security@acloud.guru.</p>Platform SecurityInfrastructurePhysical access<p>A Cloud guru is primarily a serverless environment, entirely hosted in the cloud and uses the shared cloud security model. We do not run our own routers, load balancers, DNS servers, or physical servers.</p> <p>A list of all cloud providers used to maintain security and provide services on our platform can be found on our Platform Sub-processors page</p>Infrastructure as Code<p>We manage our infrastructure as code, allowing us to audit and peer review any changes, and to provide a secure and automated process for applying these changes.</p>System Administration and Patch Management<p>A Cloud Guru leverages fully managed, ie “serverless”, services to deliver the platform such as AWS Lambda. The provider is responsible for administering and patching the servers for in such cases.</p> <p>In cases where we run cloud based servers, we actively scan for security and configuration vulnerabilities and patch those servers according to the risks presented.</p>Application securitySecure Software Development<p>A Cloud Guru uses automation and reviews to ensure we develop software in a consistent, reliable and secure way.</p>Threat Modeling<p>New initiatives are required to develop threat models prior to application development. Those threat models result in in-depth risk analyses which are reviewed by our security team</p>Code reviews<p>All changes to the A Cloud Guru codebase are reviewed by peers. Code reviews are designed to ensure the security, performance and quality of code released to production. Code changes are staged or tested prior to deployment to production systems.</p>End User Login Protections<p>We protect our user login against a number or attack vectors including brute force attacks by utilising third party services. Passwords are cryptographically hashed and salted by our authorisation provider based on industry best practises. Our authorization provider generates user authorisation tokens to manage connections to the platform.</p>Deployment&nbsp. Process<p>The deployment of the A Cloud Guru platform is entirely automated. Changes to both infrastructure and code are subject to automated testing using our Continuous Integration (CI) tool before being released to production. A change that passes our review and testing process is then deployed to production using our CI tool.</p>Penetration Testing<p>A Cloud Guru engages an independent organisation to perform regular penetration tests to assess the security of our platform. The security of our platform is reviewed on a 6 monthly basis. The team works quickly to mitigate potential issues identified by these reviews.</p>Data encryption and transfer<p>A Cloud Guru encrypts data both at rest and in transit. All external network communication uses TLS encryption to protect it in transit. We leverage the encryption tools included in public cloud data stores to encrypt data at rest.</p>Monitoring<p>Activity on A Cloud Guru’s systems is logged and monitored. We capture and store logs generated by our infrastructure, application code and vendors. This includes but is not limited to, Amazon Web Services (AWS), Auth0, GSuite and Github. Logs from these systems are stored and analysed for unusual activity.&nbsp;</p>Operational SecuritySecurity Council<p>We have established a collaborative security council for surfacing security concerns across the business. Representatives from the various business units participate in regular discussions about security and compliance issues, and executive participants make high level decisions.</p>Security Team<p>A Cloud Guru has a dedicated security team. Our security team works with all teams at A Cloud Guru to ensure security is built into everything we do.</p>People and Process<p>All members of the A Cloud Guru team, including full-time employees and contractors are required to comply with internal security policies and practices. These policies and practices are designed to ensure compliance with law and security best practices.</p>Employee Access to Data<p>A Cloud Guru restricts access to systems and infrastructure to A Cloud Guru personnel (or, at limited times, consultants who are bound by confidentiality and data protection standards) who require access as part of their job responsibilities. Access removal processes are used to revoke access to personnel who no longer need it.</p>Passwords and Authentication<p>A Cloud Guru enforces a password policy and a requirement for multi-factor authentication to protect sensitive systems.</p>Business Continuity and Disaster Recovery<p>A Cloud Guru maintains a Business Continuity plan for the A Cloud Guru organization.</p> <p>Backups are a central part of our Disaster Recovery strategy. Customer data is stored in Cloud storage services. All data is backed-up on at least a daily basis.</p>ComplianceOverview<p>A Cloud Guru is committed to protecting your information. While A Cloud Guru has not yet undergone a 3rd party security audit for SOC-2 or ISO27001, 27018, we utilize the security controls present in those frameworks and have chosen cloud hosting providers that are SOC and ISO compliant.</p>PCI Obligations<p>A Cloud Guru uses certified third-party payment providers (such as, Chargebee, Braintree, Stripe, and Authorize.Net) to comply with applicable PCI standards. A copy of our compliance certification can be found here.</p>Notification of Security Breach<p>A Cloud Guru adheres to GDPR and applicable U.S. state requirements for data breach notification standards. In the event of a security breach A Cloud Guru will take actions to contain, investigate and mitigate the breach. A Cloud Guru will notify affected customers in the event of a breach in the manner and within the time frames required by applicable law.</p> <p>An unsuccessful security incident will not be subject to notification. An unsuccessful security incident is one that results in no unauthorised access to Personal Data or to any of ACG’s equipment or facilities storing Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorised access to traffic data that does not result in access beyond headers) or similar incidents.</p>Contact Us<p>If you have concerns, don’t hesitate to contact our team.</p> <p>Email: security@acloud.guru</p> <ul> <li>Learning</li> <li>For Business</li> <li>For Individuals</li> <li>Hands-on Labs</li> </ul> <ul> <li>Resources</li> <li>Blog</li> <li>Webinars</li> <li>Case Studies</li> <li>eBooks</li> <li>Forum</li> </ul> <ul> <li>About Us</li> <li>Contact Us</li> <li>Careers</li> <li>ACG News</li> <li>Support</li> </ul> facebook twitter linkedin instagram youtube RSS © 2021 Serverless Heroes, Inc.<ul> <li>Code of Conduct</li> <li>Privacy Policy</li> <li>Terms of Use</li> </ul>




Comments:
On 2021-03-22 18:31:27 UTC, Agnes de Lion Staff wrote:

Document has been crawled
Old length: 0 CRC 0
New length: 9712 CRC 3629137913