Security

At North.Cloud, security is fundamental to everything we do. Our approach is multi-layered, with clear delineation of security responsibilities and controls at every level of our service.

Security Levels & Best Practices

Platform and Architecture Security

  • Dedicated Environments: Our AWS-based infrastructure is strictly segregated into separate environments for development, testing, and production. This ensures changes and experiments in non-production environments can never impact production or customer data.

  • Least Privilege Permissions: All IAM roles and policies are locked down using the minimum privileges required. No permission is ever granted unless it is strictly necessary for North to operate our service.

  • Internal Security Audits: Every significant new feature or architectural update undergoes internal security review to identify and address risks at design and implementation time.

  • External Security Testing: North contracts third-party SecOps professionals for regular penetration testing, including both black-box and gray-hat audits, to probe and validate the security of our production system.

  • Comprehensive Logging & Auditing: Every environment is continuously logged and monitored. Audit logs for all customer environments are maintained and can be made available for review by customers on request.

  • SOC 2 Type I Compliance: As of May 2024, North has completed its SOC 2 Type I audit. Full details of our compliance, including audit reports, are available to customers with a signed NDA—just reach out to our security team to request them.

Customer Data Segregation & Controls

Strict Account Isolation & Data Segregation

  • One Billing Account per North Account: North enforces a policy of one cloud provider billing account ID per North.Cloud account. This strict separation makes it impossible for cross-customer data access or account impersonation within our platform.

  • Root User Controls: Within each customer organization, we allow only one root North user per company domain. This increases control and minimizes the surface area for insider risk or account misuse.

  • No Data Leakage: There is no mechanism for data to transfer or be accessed between North.Cloud accounts. Customer workloads, savings plans, and reporting are all strictly isolated.

  • Request Security Info: Need more information? We provide detailed documentation and audit trails on a per-request basis for customers (subject to appropriate NDAs).

PreviousGCP permissionsNextManaged Savings Pods

Last updated

Was this helpful?