Security at CloudRift
We treat security as infrastructure, not an afterthought. From encryption in transit to continuous compliance monitoring, every layer of CloudRift is built to protect your workloads and data.
SOC 2 Type II — In Progress
We are actively pursuing SOC 2 Type II certification. Continuous compliance monitoring is powered by Vanta, covering security, availability, and confidentiality controls audited against AICPA Trust Services Criteria.
View Vanta Trust ReportMonitored by Vanta
Security Practices
Built Secure by Default
Security is infrastructure at CloudRift, not an afterthought. Every layer is built to protect your workloads and data.
Encryption in Transit
All data is encrypted with TLS. No plaintext traffic leaves our network boundary.
Network Isolation
Workloads are deployed in isolated VPCs with network segmentation that limits blast radius and prevents lateral movement between tenants.
Access Control
SSO and MFA are enforced for all internal systems with role-based access control.
Vulnerability Scanning
Continuous automated scanning across infrastructure and dependencies for proactive vulnerability detection and remediation.
Bug Bounty Program
We welcome responsible disclosure. Security researchers are recognized and rewarded.
Incident Response
Documented incident response plan with defined escalation paths, notification timelines, and post-incident review processes.
Workload Isolation
You control the isolation boundary — containers, VMs, or dedicated bare metal — to match your compliance requirements.
Audit Logging
Centralized audit logs for all privileged access provide a tamper-evident record for security review and incident investigation.
Request a Security Report
Running a vendor review? We can provide our latest Vanta trust report, compliance evidence, and security questionnaire answers.