CloudFiles is SOC 2 Type II certified. We work with an AICPA-certified auditor to evaluate our security controls and policies on an annual basis. The SOC 2 report can be provided upon request.
At CloudFiles, we adhere to GDPR and other privacy regulations in everything we do. We recognise that protecting privacy requires a holistic security program. We have done extensive research and created a support article explaining how CloudFiles is GDPR compliant.
CloudFiles has received its ISO 27001/IEC 27001:2013 certification, adhering to the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
CloudFiles stores documents and customer data in multiple availability zones. Data in each zone is encrypted at rest with AES-256. CloudFiles also offers BYO-S3 (Bring your own S3) so that you can store your files in the region of your choice and have full control over your files.
CloudFiles leverages a leading web application firewall with automatic updates to block the latest threats. We also utilise application-level DDoS protection from our CDN provider and network-level DDoS protection from our cloud provider. TLS 1.2 or higher is the minimum for data in transit. CloudFiles regularly engages application security experts for third-party penetration tests.
AWS handles the physical and virtual aspects as part of the shared responsibility model. We deploy our application using containers run on AWS-managed services. This limits our footprint and ensures a better security posture, as we typically do not manage servers or EC2 instances in production.