Cloud9 has privacy and security-conscious policies that apply to all of our information handling practices.
Contractual Privacy Protection for Customers
Cloud9 agrees not to access customer's accounts, regarding Customer Content, except to maintain the service, prevent or respond to technical or service problems, to respond to requests that customer makes, or where required by law.
Code of Conduct, Confidentiality Agreements, and Information Security Policies
Every Cloud9 employee and contractor must follow Cloud9's code of conduct, sign confidentiality agreements, and follow Cloud9's information security policies.
For information collected on Cloud9's website, Cloud9 provides assurances around the types of information collected, how that information may be used, and how that information may be shared.
Cloud9 offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
Cloud9 offers individuals the opportunity to update or change the information they provide.
Cloud9's comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.
Internal Training and Communications for Cloud9 Personnel
Cloud9 regularly communicates with our personnel about our obligation to safeguard confidential information, including customer data and personal information.
Cloud9 provides training around confidentiality, privacy, and information security for all new employees during its new hire orientation.
Customer End User Awareness
Cloud9 strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
We communicate with our customers about current issues and trends through our website.
We email end users about specific security issues when warranted.
Cloud9 has multiple organizations, teams, and individuals responsible for security and security-related matters. The Cloud9 security team includes members from multiple teams and is responsible for Cloud9's security program and personnel, including information, product, and corporate security, enterprise risk management, and technology audit & compliance. Additionally, all Cloud9 personnel are required to follow Cloud9's confidentiality, privacy, and information security policies
Cloud9 maintains a comprehensive array of technical measures to protect the Cloud9 service and offers a robust set of customer-controlled settings to further heighten privacy and security protection.
Default Privacy and Security Features
Application features that protect customer data:
- Connection to the Cloud9 service is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
- Customers passwords are not accessible by Cloud9 personnel.
- Application logs record the originating user, timestamps, and originating IP address for every request completed.
- Logical separation of customer data:
Server and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
- Network security measures:
- Multiple layers of external and internal firewalls
- Operations engineers access servers using a VPN
- Intrusion & abuse detection sensors
- Security event management system
- Regular external vulnerability scanning
- Redundancy, Scalability, and Multi-Region support
The Cloud9 service is highly scalable and redundant, and distributed over multiple world-wide regions. It allows for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.
- Customer-Controlled Privacy and Security Settings
Customers may determine which of their respective designees can access different categories of data.
Our service is hosted on Google Compute Engine (GCE). GCE has completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications. For more information about security in the Google cloud see also https://cloud.google.com/security/.