Cloudfind Security

Cloudfind employs a range of best practice techniques, tools and infrastructure to ensure that our customers’ data is secure.

Security is core to how we work at Cloudfind. If you have any questions or encounter any issues, please contact us at security@cloudfindhq.com.

Physical Security

Cloudfind uses ISO 27001 and SOC 1 / SSAE 16 / ISAE 3402 certified data centers located in the European Union, through its infrastructure provider.

Physical access is strictly controlled  by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.  All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

System and Software Security

We regularly update the  Cloudfind infrastructure with the latest security patches.  We use a variety of techniques such as virtual private cloud (VPC) and multiple firewall zones to provide “defense in depth” and  block unauthorized system access.

We design security into our application, using best practices and industry standard frameworks.  We use penetration testing by internal engineers and external experts to validate security against a wide range of attacks.

Due to our application listing on the Salesforce AppExchange app store, our entire application and infrastructure is reviewed for best practices and penetration tested by the Salesforce security team.

Data Access

The Cloudfind application stores only limited metadata from customer cloud storage accounts, including file names, folder names, file owners, and modification times.  It also stores user names and email addresses, and limited data from application integrations such as CRM Account names.  It does not store or access the contents of files.

Customer data is only accessed if required for support reasons.  Support representatives have all signed confidentiality agreements with Cloudfind.   No changes will be made to your account without you being notified.

Communications

The Cloudfind application runs exclusively over SSL through a dedicated SSL proxy service, which is carefully configured for maximum security to use only the most secure versions of SSL/TLS.  We use HSTS so that browsers will only ever connect to Cloudfind over SSL.

Data Security and Backups

Cloudfind automatically and regularly backs up all customer data to an offsite location.  This means that all data is held in more than one country, guarding against even a complete data center outage.

Contacting our security team

We rapidly investigate all reported security issues. If you have a security question or believe you’ve discovered an issue with Cloudfind’s security, please get in touch with us through security@cloudfindhq.com (optionally using our PGP key).

We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Cloudfind.