
Data collection and protection description

Cloud2 Spotter offers comprehensive visibility into cloud cost, security compliance, and sustainability as a SaaS service hosted on Amazon Web Services (AWS) and operated by Cloud2. The service complies with AWS best practices and CIS benchmark checks to meet the highest standards for security and reliability, and implements robust security measures to protect against potential threats.

Platform Security

As a Software-as-a-Service (SaaS) provider, the security of our platform is of the utmost importance to us and our customers. Spotter service runs on Amazon Web Services (AWS) in the Stockholm region (eu-north-1), which provides a highly secure and reliable infrastructure.

AWS takes care of all physical infrastructure and hardware security-related concerns, including:

  1. Data Center Security: AWS operates and manages highly secure data centers that are designed to provide the physical security necessary for the protection of your data and systems.

  2. Network Security: AWS implements robust network security measures, including firewalls, intrusion detection and prevention systems, and network segmentation, to prevent unauthorized access to customer data.

  3. Physical Security: AWS implements strict physical security measures, including 24/7 video surveillance, security personnel, and access controls, to prevent unauthorized access to customer data.

  4. Compliance: AWS is compliant with a number of security and data protection standards, including ISO 27001, SOC 1 and 2, PCI DSS, and others, ensuring that your data is protected to the highest standards.

In addition, we have implemented various security measures and best practices, such as strong authentication and authorization, encryption, and regular backups, to ensure the security and confidentiality of our customers' data.

In conclusion, we take the security and reliability of our SaaS service seriously and strive to provide our customers with the best possible security protection. By leveraging the security infrastructure of AWS and implementing best practices, we are confident in our ability to keep our customers' data safe and secure.

Access management

Spotter uses AWS Cognito for customer authentication. This service allows us to create and manage our own set of native Cognito users, as well as utilize its capabilities to connect with Azure Single Sign-On (SSO). This means that our customers can choose to authenticate using their existing Azure Active Directory credentials, providing an additional layer of security and convenience.

Using Azure SSO, customers can easily manage access to Spotter service through their existing identity management system, without the need to create and maintain separate user accounts.

SSO integration automatically uses any Multi-Factor Authentication (MFA) enabled in the customer's tenant, which provides an additional layer of security by requiring users to provide a secondary form of authentication, such as a fingerprint or a code sent to a mobile device.

All of these authentication measures are designed to keep our customers' data safe and secure, while also providing a convenient and streamlined user experience.

Data Protection

At Cloud2, the security and privacy of our clients' data is of the utmost importance. That's why we have implemented robust measures to ensure the protection of sensitive information in Spotter.

Data collection

Data gathering in the context of Spotter refers to collecting information about a customer's cloud environment. For example, the data gathered by Spotter includes information about cloud cost, compliance, and sustainability. It is important to note that the data collected by Cloud2 is metadata, not the actual customer data stored in the cloud.

Metadata refers to information about data, such as its location and the services in which it resides, but not the actual data itself. For example, in the context of Spotter, the metadata gathered includes information about the customer's cloud environment, such as the cost of running their cloud resources, the compliance of their cloud environment with regulations, and the sustainability of their cloud environment in terms of energy usage and carbon emissions.

The distinction between customer data and metadata is important because customer data is typically more sensitive and requires higher security protection than metadata. By focusing on gathering and managing metadata, Spotter can provide customers with valuable information about their cloud environment while minimizing the risk of compromising customer data.

In conclusion, data collection in the context of Spotter refers to collecting metadata about a customer's cloud environment, not the actual customer data stored in the cloud.

Cloud2 prioritizes security and implements robust measures to protect customer data gathered by Spotter. The service uses AWS IAM, a highly secure platform for managing access to sensitive data, to ensure that all access to the service is secure and controlled. Only authorized personnel with proper permissions are able to access data, reducing the risk of unauthorized access.

Encryption: All data is encrypted using the Advanced Encryption Standard (AES-256), ensuring that customer data is protected at all times, both at rest and in transit. This helps to protect sensitive information from unauthorized access or theft.

Access Controls: Access to sensitive data is restricted through the use of secure access controls and multi-factor authentication. Only authorized users with a valid need-to-know can access the data, ensuring that confidential information is kept secure.

Threat Detection and Response: Our systems are regularly monitored for potential security incidents, and we have processes in place to respond quickly and effectively to any potential threats. This helps to minimize the risk of data breaches and ensure the continued protection of sensitive information.

Security Audits and Penetration Testing: Spotter undergoes regular security audits and penetration testing to ensure the security of our systems and processes. This helps to identify and address any potential vulnerabilities and maintain the highest level of protection for our clients' data.

Integrations

Cloud2 Spotter is designed with security and compliance in mind. One key aspect of this is ensuring that data collected by Spotter is protected and kept private. To that end, integrations with the Spotter service do not have the right to retrieve any customer data. This means that these integrations cannot access the customer's data, such as blob storage, databases, or logs. This is achieved through strict access controls and limited permissions, which are regularly reviewed and audited to ensure compliance with industry standards. Additionally, Spotter does not gather any data related to the EU General Data Protection Regulation (GDPR) or any sensitive information, further reducing the risk of data breaches or unauthorized access.

Azure

The information gathered by Spotter is limited to metadata related to the Azure environment, which enables the service to perform its functions and provide customers with valuable insights and analysis. Specifically, Spotter integrates with and gathers data from the following Azure services:

  • Azure Resource Manager: Subscriptions, Resource Groups, and Resource information

  • Azure Cost Management: Cost information

  • Azure Advisor: Right-sizing and cost optimization recommendations

  • Azure Policy: Policy-based security and compliance information

More info about the Azure integrations

AWS

The information gathered by Spotter is limited to metadata related to the AWS environment, which enables the service to perform its functions and provide customers with valuable insights and analysis. Specifically, Spotter integrates with and gathers data from the following AWS services:

  • AWS Organizations

  • AWS IAM

  • AWS Cost Explorer

  • AWS Config

  • AWS Security Hub

  • AWS Trusted Advisor

More info about the AWS integrations 

GCP

The information gathered by Spotter is limited to metadata related to the GCP environment, which enables the service to perform its functions and provide customers with valuable insights and analysis. Specifically, Spotter integrates with and gathers data from the following GCP services:

  • BigQuery

  • Security Command Center

  • Recommender

More info about the integration
