CloudSkiff is hosted on AWS. AWS datacenters are secure by design. They continually audit, track & monitor physical access to the locations, decommission storage drives using techniques detailed in NIST 800-88.
AWS is certified ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015 for most of their services.
- Here's the complete list: https://aws.amazon.com/compliance/iso-certified/
- Here's a link to AWS Security & Compliance documentation: https://aws.amazon.com/compliance/data-center/controls/
Customer Data Encryption
Passwords and Credentials
- Passwords are never stored in any form on our side and authentication is certified for all major security standards: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 by Firebase Authentication.
- Cloud Providers credentials are salted and encrypted with a bi-directional solution using an independent secure system (AWS KMS). We use Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys. KMS is PCI/DSS Level 1 compliant, FIPS 140-2 compliant. All credentials are kept that way in our database.