We treat security as infrastructure, not an afterthought. From encryption in transit to continuous compliance monitoring, every layer of CloudRift is built to protect your workloads and data.
We are actively pursuing SOC 2 Type II certification. Continuous compliance monitoring is powered by Vanta, covering security, availability, and confidentiality controls audited against AICPA Trust Services Criteria.
View Vanta Trust ReportMonitored by Vanta
Security Practices
Security is infrastructure at CloudRift, not an afterthought. Every layer is built to protect your workloads and data.
All data is encrypted with TLS. No plaintext traffic leaves our network boundary.
Workloads are deployed in isolated VPCs with network segmentation that limits blast radius and prevents lateral movement between tenants.
SSO and MFA are enforced for all internal systems with role-based access control.
Continuous automated scanning across infrastructure and dependencies for proactive vulnerability detection and remediation.
We welcome responsible disclosure. Security researchers are recognized and rewarded.
Documented incident response plan with defined escalation paths, notification timelines, and post-incident review processes.
You control the isolation boundary — containers, VMs, or dedicated bare metal — to match your compliance requirements.
Centralized audit logs for all privileged access provide a tamper-evident record for security review and incident investigation.
Running a vendor review? We can provide our latest Vanta trust report, compliance evidence, and security questionnaire answers.