Cloudivize Authentication



Cloudivize pays close attention to security and to protecting customer data. We take extreme measures to protect data stored within Cloudivize or managed by it.

Cloudivize stores only Connection Information, Metadata and User Configurations. We do not store any AWS or Azure related data. Cloudivize accesses your account assets online and does not store them on our side at all.

Cloudivize has two authentication options:

  1. Local user: In this mode, the user identity is provided by Cloudivize. This identity is encrypted and highly protected.

  2. Using Amazon credentials: In this mode, we connect online to the Amazon identity provider and authenticate the user against it, so the user credentials are kept and protected by Amazon, not Cloudivize.

Data Protection

Cloudivize stores only Connection Information, Metadata and User Configuration information. This data is stored encrypted, with strong encryption applied at multiple levels.

Cloudivize does not store customer assets or any other information about them. Asset data is fetched from the customer's cloud account at runtime and is neither cached nor stored on the Cloudivize side.

AWS Account Credentials

Customers associate AWS accounts with Cloudivize by providing a Cross-Account IAM Role. This is the method recommended by AWS, since it is the most secure way to allow access to AWS assets between a SaaS platform (such as Cloudivize) and the customer's AWS account.

The use of an External ID increases the security level even more. This External ID is unique for each customer. Thus, when defining the IAM Role, you take the following steps to strengthen the Trust Relationship:

  1. You control the IAM Role policy. You allow or deny as you need.

  2. You allow only the Cloudivize account to use the given IAM Role. It can't be used elsewhere.

  3. The External ID is unique for your account and known only to Cloudivize. Connecting to your account using the given IAM Role is not possible without this External ID.
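
The trust-relationship controls listed above can be checked mechanically before a role is handed to a SaaS provider. The following is an added example, not Cloudivize's own code: it audits an IAM role trust policy for a vendor-only principal and a pinned sts:ExternalId condition. The account ID, External ID and sample policies are constructed placeholders.

```python
# Constructed placeholders: the page gives neither Cloudivize's AWS account ID
# nor a real External ID.
VENDOR_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_account(principal):
    # "111122223333" or "arn:aws:iam::111122223333:root" -> "111122223333"
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_trust_policy(policy, vendor_account_id, external_id):
    """Return findings; an empty list means every statement that allows
    sts:AssumeRole names only the vendor account and pins the External ID."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not (
                actions & {"sts:assumerole", "sts:*", "*"}):
            continue
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else [
            p for v in principal.values() for p in _as_list(v)]
        for p in principals:
            if _principal_account(p) != vendor_account_id:
                findings.append(f"statement {i}: untrusted principal {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # IAM condition key names are not case-sensitive.
        ext = {k.lower(): v for k, v in cond.items()}.get("sts:externalid")
        if ext is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ext) != [external_id]:
            findings.append(f"statement {i}: unexpected External ID value")
    return findings

def _statement(principal, condition=None):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample trust policies.
GOOD_POLICY = _statement(
    {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
    {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
WEAK_POLICY = _statement({"AWS": "*"})  # any account, no External ID
```

An empty result for a role's trust policy means the role can be assumed only from the named account and only when the expected External ID is supplied.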

This way of using IAM gives the customer full control over how Cloudivize connects to their AWS account. The customer can add or remove any permissions in the Role Policy, and Cloudivize will act accordingly.

Customers who use an IAM role with a Read-Only policy will have full viewing control in Cloudivize, but will not be able to operate or modify assets until they allow the needed permissions in the policy.

When Cloudivize connects to an AWS account, it identifies the session as "Cloudivize-Session", so any activity performed by the user within Cloudivize can be tracked in CloudTrail under that session name.

Azure Account Credentials

Using an Azure AD Application ID is the method recommended by Microsoft Azure for connecting to an Azure account externally.

It provides a highly secure method and gives the Azure account administrator full control of the connection security: the administrator controls the level of security provided to the defined application (by tuning the Application Role). In addition, the use of an Application Secret provides an additional level of security to avoid any session hijacking.

AWS Security Certification

All Cloudivize system components run within AWS data centers, so all AWS certifications apply to them too.