Security at CloudM
CloudM takes a defence-in-depth approach to protecting our systems and your data. Learn more about security at CloudM.
To keep up-to-date with the latest regulations, practices, and laws, we have a team of security experts working non-stop to keep CloudM at the forefront of digital security protection.
ISO 27001
CloudM is certified as compliant with ISO 27001 certification,ISO/IEC 27001:2013, the premier global information security management system (ISMS) standard.
ISO27001 is one of the most popular information security standards in the world, focusing on protecting three key aspects of information; confidentiality, integrity, and availability.
- Confidentiality: means that the information is not available or disclosed to unauthorized people, entities, or processes.
- Integrity: means that the information is complete and accurate and protected from corruption.
- Availability: means that the information is accessible and usable as and when authorized users require it.
Cyber Essentials
CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually.
The National Cyber Security Centre (NCSC) is a UK government organization set up to provide practical guidance to large organizations, SMBs and the general public to nurture the UK’s cyber security capability.
The Cyber Essentials scheme was introduced as a way for companies to gain a clear picture of the cybersecurity measures they or their suppliers have in place. While participation in the Cyber Essentials scheme is voluntary, doing so shows an organization’s commitment to keeping itself and its customers safe.
As part of our continuous efforts to achieve the highest data security standards, CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually.
NCSC security principles
In addition to the Cyber Essentials scheme, the NCSC publishes guidance on a number of cybersecurity topics, such as cloud security.
The guidelines cover everything from personnel security to the physical tampering of data.
We believe that transparency in security is vital, and so have outlined exactly how CloudM meets these principles in greater detail in our knowledge base.
GDPR
CloudM is GDPR compliant.
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
The regulation gives individuals much greater control over how organizations process and use their personal data. Personal data consists of information such as names, location, email addresses, health records and photos – essentially anything that could identify a living person.
When the UK left the EU, not much changed. The UK just kept the GDPR and made it law in Britain. It’s nearly identical to the EU version and is known as UK-GDPR.
Pen tests
New features, software updates and new attack mechanisms leave organizations susceptible to outside attacks. Penetration tests (often known as pentests) are a common tool used to find potential security risks within a computer system: they simulate a cyberattack and evaluate the system’s response.
CloudM works with a 3rd party on a regular basis to execute pentests, identify any vulnerabilities within our systems and resolve these as required. To ensure that our systems are secured against external and internal threats, our pentests include checks with full access.
Secure coding practices
Secure coding is the practice to write code in a way that prevents the accidental introduction of system vulnerabilities later and it is therefore an essential way in which software developers can protect their products and systems from cyberattacks and insider threats.
CloudM’s developers follow secure coding practices throughout the planning and development of our products and their features, significantly improving the security of our customers and our own systems.
Find out more about how CloudM can help securely move and manage your data.