Support & Resources

Frequently Asked Questions

Find answers about cloud security, attack paths, identity risk, and how Cloudryption helps your team make better decisions.

General

Cloudryption is a cloud security platform that helps organizations understand, simulate, and reduce real attack paths across their cloud environments. Instead of only listing misconfigurations, Cloudryption builds a risk model of the environment and shows how attackers could move from exposed assets to sensitive data, identities, or critical systems.

Cloud environments generate thousands of alerts, misconfigurations, identity risks, and exposure findings. Security teams often struggle to know what matters most. Cloudryption helps answer:

  • What is exposed?
  • What can be attacked?
  • What identities or data are at risk?
  • Which attack paths are possible?
  • Which few fixes reduce the most risk?
  • What evidence supports the decision?

Cloudryption combines multiple cloud security capabilities into one decision-focused platform:

  • CSPM — Cloud misconfiguration and posture analysis
  • CIEM — Identity and permission risk analysis
  • DSPM — Sensitive data exposure and access-risk analysis
  • CWPP — Workload and runtime-aware risk context
  • Attack Path Analysis — Modeling how risks connect into real compromise paths
  • Decision Engine — Prioritizing the smallest fixes with the biggest risk reduction

The main value is not only finding problems, but helping teams decide what to fix first.

Cloudryption is designed for:

  • Cloud security teams
  • Security architects
  • SOC teams
  • DevSecOps teams
  • Cloud platform teams
  • CISOs and security leadership
  • GRC and compliance teams
  • Managed security service providers

Cloudryption focuses on decision quality. Many tools show long lists of findings. Cloudryption connects findings into attack paths, calculates impact, and recommends remediation actions that break the highest-risk paths. The platform is designed to answer: "Which few actions reduce the most real risk?"

Platform & Architecture

Cloudryption collects cloud environment signals — infrastructure, identity, workload, configuration, network exposure, and data exposure — then builds a security model of the environment, identifies attack paths, scores risk, and recommends remediation actions. The simplified flow:

  1. Connect cloud environment
  2. Collect inventory and security signals
  3. Build the cloud security graph
  4. Identify exposed assets and sensitive targets
  5. Simulate possible attack paths
  6. Prioritize risks
  7. Recommend high-impact remediation actions
  8. Show before-and-after risk reduction

The digital twin is a modeled representation of the customer's cloud environment. It includes cloud assets, identities, permissions, network paths, workloads, sensitive data indicators, and security relationships. This allows Cloudryption to understand how risks are connected instead of treating every issue as isolated.

An attack path is a sequence of connected weaknesses or access opportunities that could allow an attacker to move from an entry point to a critical asset. For example:

Public exposure → vulnerable workload → attached IAM role → access to sensitive storage bucket

Cloudryption helps show the full chain, not only the individual alerts.

The Decision Engine analyzes findings, attack paths, identities, data exposure, blast radius, and remediation options to recommend the most valuable actions. Instead of asking the security team to fix everything, it helps identify the smallest set of fixes that reduces the most risk.

Remediation value measures how much risk is reduced by a specific fix. For example:

  • 52 attack paths to sensitive data → Remove public S3 access → 18 paths remain
  • 17 exposed identities → Restrict IAM role trust policy → 6 paths remain
  • 2 actions → 88% risk reduction

This helps teams prove why a fix matters and measure security improvement over time.
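The attack-path and remediation-value ideas above can be made concrete with a small graph model. This is an added illustration, not Cloudryption's code or algorithm: the asset names, edges, fix names and the greedy selection strategy are all assumptions constructed for the example.

```python
# Added illustration: every asset, edge and fix name below is constructed sample data.
EDGES = {  # directed edge A -> B: "an attacker on A can reach or assume B"
    "internet": ["web-vm", "api-gw", "public-bucket", "vpn-gw"],
    "web-vm": ["app-role"],
    "api-gw": ["app-role"],
    "app-role": ["customer-db", "backup-bucket"],
    "public-bucket": ["ci-key"],
    "ci-key": ["deploy-role"],
    "deploy-role": ["customer-db", "kms-key"],
    "vpn-gw": ["admin-role"],
    "admin-role": ["kms-key"],
}
ENTRY_POINTS = {"internet"}
CROWN_JEWELS = {"customer-db", "backup-bucket", "kms-key"}
FIXES = {  # each candidate fix removes one or more edges
    "remove public bucket access": {("internet", "public-bucket")},
    "patch web-vm": {("internet", "web-vm")},
    "restrict app-role trust policy": {("web-vm", "app-role"), ("api-gw", "app-role")},
    "restrict deploy-role trust policy": {("ci-key", "deploy-role")},
    "enforce MFA on admin-role": {("vpn-gw", "admin-role")},
}

def attack_paths(edges, removed=frozenset()):
    """Enumerate simple paths from any entry point to any crown jewel."""
    found = []
    def walk(node, path):
        if node in CROWN_JEWELS:
            found.append(tuple(path))
            return
        for nxt in edges.get(node, []):
            if nxt not in path and (node, nxt) not in removed:
                walk(nxt, path + [nxt])
    for entry in sorted(ENTRY_POINTS):
        walk(entry, [entry])
    return found

def plan_fixes(edges, fixes, max_actions=2):
    """Greedy heuristic, not guaranteed optimal. Returns (paths_before, plan)."""
    removed, plan = set(), []
    before = remaining = len(attack_paths(edges))
    for _ in range(max_actions):
        scored = [(remaining - len(attack_paths(edges, removed | cut)), name)
                  for name, cut in sorted(fixes.items())]
        gain, name = max(scored, key=lambda s: s[0])
        if gain == 0:
            break  # no remaining fix breaks any path
        removed |= fixes[name]
        remaining -= gain
        plan.append((name, remaining))  # (fix applied, paths left afterwards)
    return before, plan
```

On this sample graph, `plan_fixes(EDGES, FIXES)` picks the shared role's trust policy first because four of the seven paths pass through it, then the public bucket, leaving one path.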

A crown jewel is a high-value asset that could cause serious business, security, or compliance impact if compromised. Examples:

  • Sensitive data storage
  • Production databases
  • Critical workloads
  • Privileged identities
  • Encryption keys
  • Customer data repositories
  • Business-critical applications

Security & Privacy

Cloudryption is designed to operate primarily with read-only permissions for assessment and analysis. Write access is not required for visibility, attack path modeling, or remediation recommendations. If automated remediation is enabled, it requires explicit customer approval and separate permissions.

Cloudryption needs enough permission to read cloud configuration, identity, network, workload, and security posture information. Examples include read access to:

  • Cloud inventory
  • IAM policies and roles
  • Storage configuration
  • Network configuration
  • Security findings
  • Key management metadata
  • Workload metadata
  • Logging and monitoring metadata

The exact permission set depends on the cloud provider and features enabled.

Cloudryption does not need to copy or store customer business data to provide attack path and exposure analysis. The platform focuses on metadata, configuration, permissions, relationships, and security evidence. Where data sensitivity analysis is enabled, Cloudryption uses safe metadata, classification signals, or controlled sampling policies based on customer configuration.

Cloudryption does not store raw secrets, credentials, tokens, or sensitive data samples. If secret exposure is detected, the platform stores only safe evidence, references, metadata, or redacted indicators.

Cloudryption can operate agentlessly for cloud posture, identity, exposure, and attack path analysis. Some workload or runtime visibility features may require additional integrations depending on the customer environment.

Cloudryption uses tenant isolation controls to ensure each customer environment is separated logically and operationally, including:

  • Tenant-based access control
  • Environment scoping
  • Role-based access control
  • Audit logging
  • Data separation
  • Least-privilege design
  • Secure API authentication
  • Controlled access to evidence

Cloudryption is designed with enterprise security principles in mind, including least privilege, auditability, access control, encryption, and secure operational practices. Formal certifications such as SOC 2 or ISO 27001 may be added as the platform matures.

Cloud Coverage

Cloudryption is designed for multi-cloud security. Target coverage includes:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure
  • Kubernetes
  • Containerized workloads
  • Hybrid cloud environments

Current support may depend on the deployment version and enabled connectors.

Yes. Cloudryption is designed to analyze AWS services including:

  • IAM roles and policies
  • S3 buckets
  • VPCs and security groups
  • KMS keys
  • EC2
  • Lambda
  • EKS
  • CloudTrail-related signals
  • Security Hub-style posture findings
  • Public exposure paths and identity privilege risks
  • Sensitive data access paths

Yes. Cloudryption is designed to support GCP security analysis including:

  • Projects, IAM bindings, and service accounts
  • Custom roles and Cloud Storage buckets
  • KMS keys and VPC networks
  • Firewall rules
  • Cloud Run
  • Cloud Functions
  • Compute Engine identity attachments
  • Sensitive data exposure signals

Cloudryption is designed as a multi-cloud platform. Azure support is part of the platform direction and can be enabled depending on customer requirements, roadmap phase, and connector availability. Please contact us for current availability and scope.

Yes. Cloudryption can be extended to include Kubernetes-related risk context such as:

  • Cluster exposure
  • Workload identity and service accounts
  • Network exposure
  • Container workload relationships
  • Paths from workloads to cloud identities or data

Remediation

Cloudryption provides remediation recommendations and fix plans. Automated remediation can be supported only when explicitly enabled by the customer and controlled by approval workflows. This keeps your team in control of every change.

A fix set is a group of remediation actions that together reduce risk. Example:

  • Remove public bucket access → Breaks external entry path
  • Restrict IAM trust policy → Blocks privilege escalation
  • Require private endpoint access → Reduces exposure
  • Rotate exposed credential → Removes active compromise path

Yes. This is one of Cloudryption's most important capabilities. For example, removing public access from a storage bucket may eliminate many attack paths that depend on that exposure, delivering outsized risk reduction from a single action.

Yes. The platform shows before-and-after impact. For example:

  • Attack paths: 52 → 6
  • Exposed identities: 17 → 3
  • Crown jewel exposure: Present → Removed
  • Risk reduction: 88%

Yes. Cloudryption reduces noise by grouping isolated issues into meaningful attack paths and prioritizing fixes by risk reduction. Instead of showing 500 separate alerts, it can show 12 high-impact remediation actions that reduce 80% of reachable critical exposure.

Deployment & Integration

Cloudryption can be deployed depending on customer requirements, including SaaS deployment, private cloud deployment, customer-managed deployment, or hybrid models. Contact us to discuss the right deployment model for your environment.

Initial onboarding depends on the size and complexity of the cloud environment. A basic environment can usually be connected quickly once read-only access is configured. Larger multi-account or multi-cloud environments may require additional planning for permissions, scope, and data collection.

Cloudryption is designed to integrate with cloud providers, security findings sources, SIEM tools, ticketing systems, identity providers, CI/CD systems, vulnerability scanners, compliance tools, and cloud logging services. Contact us for specific integration availability.

Yes. Cloudryption is designed with API-driven workflows so organizations can integrate findings, remediation plans, and risk context into existing security and cloud operations processes.

Cloudryption can provide risk context and prioritized findings that may be integrated into SIEM or SOAR workflows. This helps security teams enrich alerts with attack path and remediation impact context.

Reporting & Dashboards

The dashboard shows overall risk score, critical attack paths, crown jewel exposure, exposed identities, publicly reachable assets, sensitive data exposure, top remediation actions, risk reduction opportunities, cloud coverage, recent scan status, and trends over time.

Yes. Cloudryption provides executive-level reports that explain current cloud risk posture, critical exposure paths, business impact, top remediation priorities, risk reduction progress, compliance-relevant evidence, and security improvement trends.

Findings and remediation plans can be exported or integrated into security workflows depending on the enabled deployment and integration options. Possible formats include PDF, CSV, JSON, API, ticketing system integration, and SIEM/SOAR integration.

Yes. The platform shows how risk changes over time including attack path count, exposure count, critical findings, remediation progress, crown jewel exposure, identity risk, and cloud posture improvement.

Yes. Cloudryption can help provide evidence for security controls, cloud configuration, access risks, and remediation progress. It can support programs related to cloud security governance, internal audits, risk reviews, security architecture reviews, regulatory readiness, and control validation.

Pricing & Support

You can request a demo by contacting the Cloudryption team through the contact page. The demo can be tailored to cloud security leadership, security architecture, DevSecOps, or investor-level use cases.

Yes. Cloudryption can be evaluated through a proof of concept depending on environment scope, cloud provider, and required use cases. Contact us to discuss your requirements.

Pricing depends on cloud scope, number of environments, enabled modules, deployment model, and support requirements. Please contact us for pricing details.

Support includes onboarding support, cloud connection guidance, platform usage support, risk interpretation support, remediation planning support, and demo and POC support.

For password changes or account access support, please contact the Cloudryption team through the support or contact page.

Users can visit this FAQ page, contact support, or reach out through the contact page for onboarding, account access, platform usage, or technical questions.
