Cloud9 Security Policy

Cloud9 & Security

Cloud9 understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, by constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.

To report security issues or possible abuse, please contact one of our support engineers or send a report to security@c9.io


Policies

Cloud9 has privacy and security-conscious policies that apply to all of our information handling practices.

  • Contractual Privacy Protection for Customers Cloud9's contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including Customers Content and Personal Data, except under certain narrowly defined circumstances, and when required by law. Customer Content refers to the definition in section 3.2 of our Terms and Service Agreement. Personal Data refers to section 4 of our Privacy Policy. Customer Data includes both Customer Content and Personal Data.

    Cloud9 agrees not to access customer's accounts, regarding Customer Content, except to maintain the service, prevent or respond to technical or service problems, to respond to requests that customer makes, or where required by law.

    Cloud9 agrees not to access customer’s accounts, regarding Personal Data, except to respond to requests that customer makes, to aid us in serving the customer better, or where required by law. For a more detailed overview of how we use customer’s Personal Data please refer to section 5.1. of our Privacy Policy.

  • Code of Conduct, Confidentiality Agreements, and Information Security Policies Every Cloud9 employee and contractor must follow Cloud9's code of conduct, sign confidentiality agreements, and follow Cloud9's information security policies.

  • Privacy Statement For information collected on Cloud9's website, Cloud9 provides assurances around the types of information collected, how that information may be used, and how that information may be shared.

    Cloud9 offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications. Cloud9 offers individuals the opportunity to update or change the information they provide.

  • Practices Cloud9's comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.

  • Internal Training and Communications for Cloud9 Personnel Cloud9 regularly communicates with our personnel about our obligation to safeguard confidential information, including customer data and personal information. Cloud9 provides training around confidentiality, privacy, and information security for all new employees during its new hire orientation.

  • Customer End User Awareness Cloud9 strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks. We communicate with our customers about current issues and trends through our website. We email end users about specific security issues when warranted.

  • People Cloud9 has multiple organizations, teams, and individuals responsible for security and security-related matters. The Cloud9 security team includes members from multiple teams and is responsible for Cloud9's security program and personnel, including information, product, and corporate security, enterprise risk management, and technology audit & compliance. Additionally, all Cloud9 personnel are required to follow Cloud9's confidentiality, privacy, and information security policies

  • Technology Cloud9 maintains a comprehensive array of technical measures to protect the Cloud9 service and offers a robust set of customer-controlled settings to further heighten privacy and security protection.

  • Default Privacy and Security Features Application features that protect customer data:

    • Connection to the Cloud9 service is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
    • Customers passwords are not accessible by Cloud9 personnel.
    • Application logs record the originating user, timestamps, and originating IP address for every request completed.
    • Logical separation of customer data: Server and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
    • Network security measures:
      • Multiple layers of external and internal firewalls
      • Operations engineers access servers using a VPN
      • Intrusion & abuse detection sensors
      • Security event management system
      • Regular external vulnerability scanning
    • Redundancy, Scalability, and Multi-Region support The Cloud9 service is highly scalable and redundant, and distributed over multiple world-wide regions. It allows for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.
    • Customer-Controlled Privacy and Security Settings Customers may determine which of their respective designees can access different categories of data.

Secure data centers

Our service is hosted on Google Compute Engine (GCE). GCE has completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications. For more information about security in the Google cloud see also https://cloud.google.com/security/.