Cross4Cloud /  Trust Center

Cross4Cloud Trust Center

The Cross4Cloud Trust Center provides you the latest information and updates on the security, reliability, privacy, and compliance of our products and services.

ISO 27001

SOC

CSA

GDPR

Compliance Certifications, Standards, and Regulations

We obtain industry-accepted certifications and comply with current industry standards and regulations so you can feel confident that your company and customer data remain secure and compliant.

c4c work

Privacy

Application Security

We use a security monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach. We also use technologies to monitor exceptions, logs and detect anomalies in our applications. We collect and store logs to provide an audit trail of our applications activity. Security events are logged and notifications are sent in case of critical attacks to allow for fast remediation.

User Security

As with most cloud services, access to the Cross4Cloud platform requires a login ID and password. Single sign-on (SSO) can be implemented by our enterprise customers. We recommend making use of the additional protections (such as 2FA) that are offered by SSO vendors. Advanced role-based access control (RBAC) is offered on all our customer accounts and allows our users to define roles and permissions.

Infrastructure Security

Utilizing industry best practices and Transport Layer Security, all information sent to or from our infrastructure is encrypted while it is in transit (TLS). Data-at-rest encryption is applied to all storage devices. So, it is impossible to misuse a decommissioned device. Every year, the encryption keys used for at-rest encryption are changed.

Network Security

Cross4Clouds' network architecture consists of multiple security zones with different tiers confined to their own zones. In particular, internet-facing endpoints are in their own zone and do not have direct access to the database tier or other internal services. For AWS environments, AWS GuardDuty is used to actively monitor all cloud trail and VPC flow logs for any anomalies or security incidents. AWS Security Hub is used to check all the infrastructure policies and configuration against best practices and raise alerts.

Data Security

All data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS). Any device storing any data is subjected to data-at-rest encryption. Thus, a decommissioned device cannot be misused. The encryption keys for at-rest encryption are rotated annually.

Stay ahead in the fast-paced world with the C4C Blog. Your go-to resource to never miss out on the latest updates, news, and insights about C4C.

C4C lets you consume any cloud provider resource with the same request. No complicated migration processes involved.