CloudBlue Cloud Marketplace Guide 2025 | Download Now

Cloud Marketplace Guide | Download Now

Get Pricing
REQUEST A DEMO

Overview

Cyber Security

Cyber Security Agreement

Security

CloudBlue is committed to following globally recognized security standards and frameworks to ensure we deliver secure and reliable services using principles and best practices established by the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), BSIMM, OWASP ASVS, OWASP SAMM and other industry recognized security standards, frameworks, and maturity models. You can find more information below.

Cyber Security

Compliance, Regulations, Standards and Certifications

CloudBlue, being a globally operated organization, complies with different data privacy laws and regulations. We incorporate the required technical and organizational security measures and safeguard the protection of the rights of the data subject.

  • ISO/IEC 27001 Certified
  • PCI-DSS Payment Card Industry (PCI) Data Security Standards (DSS)
  • GDPR General Data Protection Regulation
  • CSA STAR Cloud Security Alliance (CSA Security, Trust, and Assurance Registry (STAR)
  • California Consumer Privacy Act (CCPA)
  • NIST Cyber Security Framework National Institute of Standards and Technology

Information Security Training

Our associates and contractors are trained in information protection, data privacy, and compliance with our information security policy.

Information Assets

All company assets (including company networks) are provided for business use. We define acceptable uses of our data and assets.

Regulatory Compliance & Data

All users must comply with laws, regulations, and compliance programs regarding the use of data, network, and computer systems. personal data should only be stored in approved company applications, it should be collected and processed only for lawful and legitimate business purposes.

Software Development Security

To bring enhanced security into the newly developed features of our digital ecosystem, our Software Development Life Cycle (SDLC) follows the Software Assurance Maturity Model (SAMM) methodology and CIS benchmarks. Our Secure SDLC ensures all security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort.
  • “Secure by design” model
  • Adherence to Open Web Application Security Project (OWASP)
  • Secure Software Development Lifecycle (S-SDLC)
  • Pen Testing performed on a yearly basis

As a part of the SAMM Education and Guidance practice, R&D associates participating in SDLC are trained on how to develop and deploy secure software. Our DevSecOps methodology focuses on embedded security in all phases of CloudBlue’s Secure-SDLC.

Penetration Testing

CloudBlue IT assets undergo internal penetration testing covering internet-facing applications and business critical services. Our penetration testing methodology aligns with industry standards and common testing frameworks, such as OWASP, and in accordance with ISO 27001.

Bug Bounty Program

CloudBlue recognizes the power of security as a community. As a result, we reward security researchers who discover and report vulnerabilities in our applications and ecosystem. These are awarded based on several factors including severity and impact of the vulnerability reported. Researchers can report their findings via the Bug Bounty Submission Form.

Access and Authentication

All user requests for access privileges adhere to a formal process for access request and approval following the least privilege principle.

  • Strong password management controls and use of a password manager to store encrypted passwords online.
  • Password expiration
  • Role-based access
  • Granular roles and rights management
  • Hierarchical and relational entities
  • Multiple directory integration Strong authentication including MFA (Multi-factor Authentication) enforcement for privileged access.
  • Periodical access reviews performed to ensure Zero Trust is always considered: Never trust, always verify!

Cryptography Policy

Outlines the requirements for the proper and effective use of cryptography to protect the confidentiality, authenticity, and/or integrity of information.
  • Special process for SSL certificates management
  • Key rotation process management
  • Key generation process management
  • Advanced Encryption Standard (AES) algorithm to encrypt data at rest 1All data at the storage level is encrypted with AES256 by default. Traffic is encrypted in transit using Transport Layer Security 1.2 (TLS) with an industry-standard AES-256 cipher.

Operational Procedures and Policies

Ensure that operational procedures reflecting the Company’s position on security must be implemented to reduce the daily risks to the Company’s information systems and assets including but not limited to:
  • Change Management Formal Change Advisory Board (CAB)
  • Process follows ITIL/ITSM guidelines
  • CAB assesses, prioritizes, approves, and logs changes
  • Patch and vulnerability continuous scan
  • Backup management
  • Separation of development, testing, and operational environments
  • Continuous audits and improvement process
  • Business Continuity and Disaster Recovery

Cyber Security Agreement

Our standard Cyber Security Agreement template used as part of our new vendor selection and/or renewal process.

Download: We’re making changes to this section come back soon

Subscribe and stay updated
on the latest at CloudBlue.

By providing my Personal Data to CloudBlue and its affiliates, I agree to be contacted for marketing purposes and I acknowledge and agree to the collection and processing of my Personal Data in accordance with the Privacy Statement.

Let's talk

CloudBlue

THE MONETIZATION PLATFORM

INTEGRATIONS

SERVICES

BY OBJECTIVE

BY INDUSTRY

BY USE CASE

SUCCESS STORIES

SUPPORT

PARTNER TYPES

PARTNER MODELS

JOIN OUR NETWORK

RESOURCE CENTER

ESSENTIAL REFERENCES

Get Pricing
REQUEST A DEMO