Need to Report a Security Vulnerability?
We know how critical your data is to you and that you rely on Cloud Blok for your infrastructure. We run our production servers from Cloud Bloks cloud as well and so security is at the forefront of our thoughts as it is yours.
Responsible DisclosureWe would like to keep Cloud Blok safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.
Publicly disclosing a vulnerability can put the entire Cloud Blok community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at [email protected]. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails to [email protected] immediately are sent to our entire engineering staff to ensure that issues are addressed immediately. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.
We use only premier datacenter facilities for colocating our equipment including: Equinix, Telx, and Telecity. Each site is staffed 24/7/365 with onsite security and to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards.
Credit Card Security
We hand off credit card processing to Stripe. They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information. For PayPal transactions we pass off customers directly to PayPal who is also PCI compliant.
All communications with Cloud Blok are transmitted over SSL (HTTPS) for both access to the public website as well as the API. We provide connectivity to the virtual servers via SSH and recommend that customers use SSH keys to setup their access.
Snapshot and Backup Security
Snapshots and Backups (images) are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can manage directly in how many regions their snapshots exist which allows customers to increase the redundancy of the files that are stored in the backend.
We would love to hear from you if you have any questions regarding any specific policy that could be made clearer or any general inquiries regarding security.
Please email us directly at: [email protected].