Security

Securing CloudFlow's global infrastructure and your applications is an important problem to solve and we take it seriously. CloudFlow’s security practice is led by our CISSP-qualified VP of Security and encompasses areas such as compliance protocols, corporate governance, data privacy, change management, and more.

Our comprehensive Security Statement includes details with respect to all security and compliance factors at CloudFlow.

Please contact us at support@section.io if you have a security concern, or believe you’ve found a vulnerability in any part of our platform.

SOC 2 Type II Compliance

CloudFlow has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF).

DDoS Protection

Network-layer DDoS protection is included by default across the entire CloudFlow network to protect against all Layer 3/4 attacks. CloudFlow’s DDoS protection is dually redundant and includes two of the world’s largest DDoS networks.

Compute Framework Security

Container Isolation

Applications cannot view or access processes outside of their isolated environment.

Namespace NetworkPolicy Control

Kubernetes NetworkPolicies restrict communications across namespaces.

Private Repositories & Registries

Maintain your application code, configuration and deployment manifests in your own code management systems and image registries.

Security Platform Extensions

HTTP Extensions

CloudFlow supports several containerized solutions that are available for general use by CloudFlow customers and include security-focused features. These include:

  • Activate IP blocking (via CloudFlow HTTP Ingress)
  • Geo IP range blocking, and User Agent detection and blocking (via Varnish Cache)
  • TLS Certificate Management (via CloudFlow HTTP Ingress)

Additional Security Features

Geographic Delivery Control

Control delivery to locations consistent with your GDPR or other compliance requirements.

Vendor Delivery Control

Restrict delivery nodes to a specific provider consistent with your compliance and security requirements.

PCI Compliance

CloudFlow is a certified PCI DSS Level 1 Service Provider. CloudFlow utilizes Tevora, a Qualified Security Assessor (QSA), to conduct an annual compliance audit and provide a PCI DSS Attestation of Compliance (AOC).

CloudFlow offers PCI DSS Level 1 Compliant Service as a premium service, enabling customers to build PCI-compliant systems that leverage all the benefits of CloudFlow.

GDPR Compliance

CloudFlow’s privacy practices are aligned with GDPR compliance.

Access Control

  • SSO
  • API tokens