Cloudryption
Log in Book a Demo

Platform Scope

Clear scope. Clear expectations.

What Cloudryption includes, what is limited, and what is outside standard platform scope.

Version: 1.0  ·  Effective date: May 2026  ·  Owner: Cloudryption Product & Security

Cloudryption provides decision intelligence, exposure modelling, attack path analysis, and remediation planning for cloud environments. This page defines what is in scope, what has limits, and what requires custom agreement.

1. Included in standard scope

Cloudryption standard platform scope includes:

  • Read-only cloud discovery
  • Cloud asset inventory
  • Identity and permission context
  • Network and exposure context
  • CSPM-style misconfiguration detection
  • Attack path modelling
  • Crown-jewel exposure analysis
  • Risk prioritization
  • Remediation recommendations
  • Executive reporting
  • Technical reporting

2. Standard cloud coverage

Standard coverage: AWS, Azure, GCP (scope-dependent). Kubernetes available for controlled deployments. Oracle experimental. Alibaba roadmap.

3. Not included by default

Cloudryption does not perform the following by default:

  • Penetration testing
  • Exploit execution
  • Destructive testing
  • Managed remediation
  • Production change implementation
  • Incident response services
  • Forensic investigation
  • Packet capture
  • Endpoint detection and response
  • Agent-based runtime monitoring
  • Source code scanning
  • Legal compliance certification for customers
  • SOC 2 certification for the customer environment

Some of these capabilities may be available through integrations or custom agreements. Contact sales to discuss requirements.

4. Data handling scope

Cloudryption is designed to minimise customer data exposure. Standard discovery focuses on:

  • Cloud metadata and resource configuration
  • Identity and permission metadata
  • Network exposure metadata
  • Security control status
  • Storage and data classification signals
  • Evidence references

Cloudryption does not collect raw customer business data, application data, database records, or private documents unless explicitly agreed in writing.

See the Data Retention Policy and Encryption Architecture for more detail on how collected metadata is handled.

5. Remediation limitation

Recommends and prioritizes remediation. Direct execution is disabled by default and requires explicit approval with scoped permissions and operational controls.

6. DSPM limitation

Standard analysis: metadata, exposure, and classification. Deep content inspection and sensitive-data processing require explicit enablement and data-handling agreements.

7. Attack path limitation

Decision-support evidence based on cloud metadata, configuration, identity relationships, and business context. Review as exposure chains, not proof of exploitation.

8. Customer responsibilities

Customers are responsible for:

  • Providing approved read-only access
  • Confirming pilot or deployment scope
  • Reviewing discovered assets and validating context
  • Validating remediation recommendations before implementation
  • Executing production changes
  • Maintaining cloud provider accounts and permissions
  • Approving any expanded access or integrations

Ready to see which cloud risks matter most?

Start with a controlled pilot and receive a board-ready executive report, a technical evidence report, and a prioritized remediation plan.

Request Pilot Book Demo