Cloudtoolz Security
Audit Questions
Where is Cloudtoolz hosted?
All data centres used are ISO 27001 certified.
Hosting Centre UK
Leaseweb.com with dedicated servers located in Slough (724-729 Dundee Rd, SL1 4JU), United Kingdom. All data is kept in the UK.
London Data Centre LON-01 | UK Data Centers | Leaseweb
Hosting Centre Germany
Strato.de with dedicated servers located in Berlin and Karlsruhe. All data is kept in Germany.
Server Place in the data centre – fully protected | STRATO
Hosting Centre Asia Pacific
Leaseweb.com with dedicated servers located in Unit A, 200 Bourke Road, Alexandria, Sydney, NSW 2015, Australia. All data is kept in Australia.
Sydney Data Centre SYD-11 | Australian Data Centers | Leaseweb
Hosting Centre Northern America
Leaseweb.com with dedicated servers located at 7207 Boulevard Newman, LaSalle, QC H8N 2K3, Canada. All data is kept in Canada.
Montreal MTL-02(MNE) Data Centre | Leaseweb
Infrastructure
Cloudtoolz uses a multi-tier setup:
- Webserver
- Database Server
- Redis and Elasticsearch, running on a cluster of 3 servers to ensure high performance.
The database, Redis and Elasticsearch servers are only accessible via internal networks.
The connection between the application and the database server uses a SQL Server user with a limited privilege set: for example, it cannot access database backups, change security settings or decrypt the database.
Administrators can only access the servers via VPN from whitelisted IP addresses, and all servers are secured with DUO multi-factor authentication.
All servers are monitored.
How is data stored?
Encryption
The database is encrypted at rest. Transparent data encryption is used for the MS SQL Server database.
Transparent data encryption (TDE) – SQL Server | Microsoft Learn
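The limited-privilege application user described under Infrastructure and the TDE setting above can both be expressed and verified in T-SQL. The script below is an added example, not Cloudtoolz's own provisioning script; the database name CloudtoolzDb, the login name cloudtoolz_app and the password placeholder are assumptions.

```sql
-- Added example (not the Cloudtoolz script). Assumed names: CloudtoolzDb, cloudtoolz_app.
USE master;
CREATE LOGIN cloudtoolz_app
    WITH PASSWORD = '<replace-with-a-generated-secret>', CHECK_POLICY = ON;
GO

USE CloudtoolzDb;
CREATE USER cloudtoolz_app FOR LOGIN cloudtoolz_app;

-- Row-level data access only: read and write rows, nothing structural.
ALTER ROLE db_datareader ADD MEMBER cloudtoolz_app;
ALTER ROLE db_datawriter ADD MEMBER cloudtoolz_app;

-- Explicit DENYs for what the application must never do. A DENY overrides any
-- GRANT the user might later inherit through a role, so it is defence in depth.
DENY BACKUP DATABASE TO cloudtoolz_app;   -- cannot read or produce backups
DENY BACKUP LOG      TO cloudtoolz_app;
DENY ALTER ANY USER  TO cloudtoolz_app;   -- cannot change security principals
DENY ALTER ANY ROLE  TO cloudtoolz_app;
DENY ALTER           TO cloudtoolz_app;   -- no schema or database-option changes
DENY CONTROL         TO cloudtoolz_app;   -- ALTER DATABASE ENCRYPTION KEY needs CONTROL
GO

-- Verification: impersonate the application user and test the effective
-- permissions. Any 1 here means the privilege set is wider than intended.
EXECUTE AS USER = 'cloudtoolz_app';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'BACKUP DATABASE') AS can_backup,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL')         AS can_control,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER ANY USER')  AS can_alter_users;
REVERT;
GO

-- Confirm TDE is actually active: encryption_state 3 means fully encrypted,
-- and encryptor_type shows whether a certificate or asymmetric key protects the DEK.
SELECT d.name, k.encryption_state, k.encryptor_type
FROM sys.dm_database_encryption_keys AS k
JOIN sys.databases AS d ON d.database_id = k.database_id
WHERE d.name = 'CloudtoolzDb';
```

Run the verification block as part of a periodic audit as well as at provisioning time, since role membership can drift after the initial setup.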
Data Retention
Personal or sensitive data is normally not held in Cloudtoolz.
If sensitive data is held, it is additionally encrypted by the middleware.
The right to be forgotten is enabled for all user accounts.
If Cloudtoolz integrates with a CRM, it follows the data retention settings as set up in the CRM.
Zentso is only a data processor and not a data controller.
Database backups
Backups of the database are kept on the database server on a separate hard drive.
Differential backups are performed at 1am.
Full backups are performed on Saturday at 1am.
Transaction Log backups are performed hourly.
External access control for the web application
The web server itself only has port 443 open.
All traffic is routed via Cloudflare.com before it reaches the web server. The public IP addresses are masked behind Cloudflare, which protects against DDoS attacks.
User account credentials are stored encrypted and hashed. ASP.NET Core Identity is used for user management, and MFA is enabled by default for administration accounts.
Introduction to Identity on ASP.NET Core | Microsoft Learn
Standards to ensure security of Cloudtoolz application
Penetration Tests
For every major release of Cloudtoolz, a penetration test is performed with https://pentest-tools.com.