Securing CloudFlow's global infrastructure and your applications is an important problem to solve and we take it seriously. CloudFlow’s security practice is led by our CISSP-qualified VP of Security and encompasses areas such as compliance protocols, corporate governance, data privacy, change management, and more.
Our comprehensive Security Statement includes details with respect to all security and compliance factors at CloudFlow.
Please contact us at firstname.lastname@example.org if you have a security concern, or believe you’ve found a vulnerability in any part of our platform.
SOC 2 Type II Compliance
CloudFlow has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF).
Network-layer DDoS protection is included by default across the entire CloudFlow network to protect against all Layer 3/4 attacks. CloudFlow’s DDoS protection includes dually redundant DDoS protection including two of the world’s largest DDoS networks.
Compute Framework Security
Applications cannot view or access processes outside of their isolated environment.
Namespace NetworkPolicy Control
Kubernetes NetworkPolicies restrict communications across namespaces.
Private Repositories & Registries
Maintain your application code, configuration and deployment manifests in your own code management systems and image registries.
Security Platform Extensions
CloudFlow supports several containerized solutions that are available for general use by CloudFlow customers and include security-focused features. These include:
- Activate IP blocking (via CloudFlow HTTP Ingress)
- Geo IP range blocking, and User Agent detection and blocking (via Varnish Cache)
- TLS Certificate Management (via CloudFlow HTTP Ingress)
Additional Security Features
Geographic Delivery Control
Control delivery to locations consistent with your GDPR or other compliance requirements.
Vendor Delivery Control
Restrict delivery nodes to a specific provider consistent with your compliance and security requirements.
CloudFlow is a certified PCI DSS Level 1 Service Provider. CloudFlow utilizes Tevora a Qualified Security Assessor (QSA) to conduct an annual compliance audit and provide a PCI DSS Attestation of Compliance (AOC).
CloudFlow offers PCI DSS Level 1 Compliant Service as a premium service, enabling customers to build PCI-compliant systems that leverage all the benefits of CloudFlow.
CloudFlow’s privacy practices align to compliance with GDPR.
- API tokens