Legal & Security

Cross4Cloud Trust Center

The Cross4Cloud Trust Center provides you with the latest information and updates on the security, reliability, privacy, and compliance of our products and services.

Compliance Certifications, Standards, and Regulations

We obtain industry-accepted certifications and comply with current industry standards and regulations so you can feel confident that your company and customer data remain secure and compliant.

ISO 27001

SOC

CSA

GDPR

PCI DSS

VPAT

FedRAMP

Security & Privacy

Application Security

We use a security monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach. We also use technologies to monitor exceptions and logs and to detect anomalies in our applications. We collect and store logs to provide an audit trail of our applications' activity. Security events are logged, and notifications are sent in case of critical attacks to allow for fast remediation.

User Security

As with most cloud services, access to the Cross4Cloud platform requires a login ID and password. Single sign-on (SSO) can be implemented by our enterprise customers. We recommend making use of the additional protections (such as 2FA) that are offered by SSO vendors. Advanced role-based access control (RBAC) is offered on all our customer accounts and allows our users to define roles and permissions.

Infrastructure Security

Following industry best practices, all information sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS). Data-at-rest encryption is applied to all storage devices, so a decommissioned device cannot be misused. The encryption keys used for at-rest encryption are changed every year.

Network Security

Cross4Cloud's network architecture consists of multiple security zones, with different tiers confined to their own zones. In particular, internet-facing endpoints are in their own zone and do not have direct access to the database tier or other internal services. For AWS environments, AWS GuardDuty is used to actively monitor all CloudTrail and VPC flow logs for any anomalies or security incidents. AWS Security Hub is used to check all the infrastructure policies and configuration against best practices and raise alerts.

Data Security

All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices. Any device storing any data is subjected to data-at-rest encryption. Thus, a decommissioned device cannot be misused. The encryption keys for at-rest encryption are rotated annually.

Reliability

Business Continuity

Every day, we back up all of our important assets, and we periodically try to restore the backup to ensure a speedy recovery in case of an emergency. Every backup we make is encrypted. High availability is provided by the configuration of redundancy in all important assets. For disaster recovery, daily backups are copied to another AWS region.

Disaster Recovery

We back up all our critical assets on a daily basis and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted. All critical assets are configured with redundancy and thus provide high availability. Daily backups are copied over to a different AWS region for disaster recovery.

Employee Access

Access to systems containing customer data is reviewed on a regular basis and is monitored on an ongoing basis. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers' sensitive information.

Compliance

Secure Development

Our development methodology follows security best practices and frameworks (e.g. OWASP Top 10). Developers participate in security training to learn about common vulnerabilities and threats. We review our code for security vulnerabilities. We regularly scan our host and container images to address known vulnerabilities and also proactively update the dependencies. We use static code analysis to identify defective code. With every major release, we use threat modelling and known security scanning solutions to check for vulnerabilities and remediate them according to industry-standard best practices, taking their severity into account.

Responsible Disclosure

Cross4Cloud is dedicated to keeping its cloud platform safe from all types of security issues, thereby providing a safe and secure environment to our customers. Data security is a matter of utmost importance and a top priority for us. If you are a dedicated security researcher or vulnerability hunter and have discovered a security flaw in the Cross4Cloud platform, including the cloud application and infrastructure, we appreciate your support in disclosing the issue to us in a responsible manner.

General Data Protection Regulation (GDPR)

We're compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.

Patch Management

We use AWS Inspector to check for vulnerabilities. Critical and severe vulnerabilities are addressed in the current release under test. If a critical or severe vulnerability impacts the application, we patch our production systems immediately.

Payment Information

We don't collect any payment information and are therefore not subject to PCI obligations.
