INTRODUCING SENSORYCLOUD.AI PART 4: Cloud Security

Great cloud security is a broad concept that many companies strive to achieve, yet few know exactly what that means for their product, as there is no playbook and every product’s needs are unique. Not to mention, in many circumstances cloud security is an afterthought, a box to be checked, a formula to appease the SOC2 auditors.

When creating the SensoryCloud, establishing “great cloud security” was a top priority. The SensoryCloud team hails from a cloud security background, and therefore designed the cloud with security as the foundation. After building a solid security framework, SensoryCloud was developed to provide superb machine learning services that Sensory customers and partners have come to know and love.

Security is in the details. Imagine the concept of physical security as an approach to security in the cloud. In the world of physical security, it is critical to understand all the entry points to a building. Every door, vent, and turnstile must have some level of monitoring and intrusion detection. Every public entry point must require a badge that is both unique to a user and rotatable. Cloud security is no different, though fortunately the tools to implement it are better and orders of magnitude more secure. With SensoryCloud, the Fort Knox level security stems from a deliberately layered approach to security.

 

Cloud Security Layers

A layered approach to cloud security.

Application security is the first layer or line of defense in SensoryCloud, and it protects against attacks such as denial-of-service (DoS), Malicious Data Injection, and machine-in-the-middle attack (MITM). For the first two types of attacks, SensoryCloud employs a web application firewall (WAF), and for MITM attacks client-side certificates protect data in-transit.

The next layer, network security, enforces distinct layers of access. The load balancer subnet acts as a single point of entry from the public internet. Traffic from the load balancer is routed to the non-public application layer. Finally, important user data is buried in a third layer that can only be accessed via the application layer. This multi-layered approach is a tried-and-true approach that utilizes industry best practices.

 

Network Security

Network security enforces distinct layers

API security is implemented by way of utilizing OAuth2 and OWASP design principles. OAuth signing keys rotate at regular and frequent time intervals and are only stored in memory on SensoryCloud OAuth servers.

The final security layer implemented is the data layer; a major differentiator of the SensoryCloud. Not only is the Bcrypt algorithm employed to hash all credentials stored in the SensoryCloud database, if customers choose to deploy SensoryCloud themselves, the data is kept entirely on customer servers. SensoryCloud believes your data belongs to you and only you!

Visit SensoryCloud.ai and explore our latest demos today.