Cloudryption
Log in Book a Demo

Security Whitepaper

Security architecture for decision-quality cloud risk intelligence

This whitepaper summarizes how Cloudryption protects customer-authorized cloud metadata while producing CID-powered cloud risk decisions.

Book a DemoTrust Center

Security principles

  • Customer-authorized collection only — Cloudryption connects to cloud accounts using scoped access approved by the customer.
  • Read-only by default — standard discovery does not require write permissions or agents.
  • Evidence over assertion — findings, paths, and remediation recommendations link back to source evidence.
  • Human-controlled remediation — CID recommends fixes; execution requires explicit customer approval and workflow design.
  • Minimum necessary data — Cloudryption prioritizes metadata, configuration, relationships, and risk signals over raw customer content.

Data classes handled

Cloudryption may process cloud asset metadata, IAM metadata, network configuration, security findings, resource tags, data-store posture, vulnerability metadata, and user-submitted business context such as crown-jewel definitions. The platform is not designed to ingest production database records, file contents, secrets, source code, or broad application logs for standard operation.

Access control

Access to Cloudryption is role-based. Administrative access is limited to authorized personnel and reviewed periodically. Customer support access is granted only where necessary for troubleshooting or agreed service delivery.

Encryption and storage

Data is encrypted in transit using TLS and encrypted at rest using managed storage encryption. Credentials and sensitive configuration values are protected using secret-management controls. Retention and deletion are governed by the customer agreement and the data-retention policy.

Logging and monitoring

Platform activity, authentication events, administrative actions, scan status, and operational errors are logged to support auditability, incident response, and service reliability. Logs are access-controlled and retained according to operational need and customer commitments.

Vulnerability management

Cloudryption follows a vulnerability management process covering dependency review, patching, infrastructure hardening, secure configuration, and responsible disclosure intake. Critical vulnerabilities are triaged with priority based on exploitability and customer impact.

Incident response

Security events are triaged, contained, investigated, and remediated according to the incident-response summary. Customer notification is handled according to contractual, regulatory, and operational obligations.

Known boundaries

Cloudryption is a cloud risk intelligence and decision platform. It is not a SIEM, EDR, firewall, traffic proxy, or runtime process-monitoring agent. Standard operation focuses on cloud control-plane evidence and relationship modeling.

Need this in your enterprise security review?

Cloudryption can provide a security packet, technical walkthrough, and pilot evidence pack for your evaluation process.

Request Security PacketBack to Trust Center