Security is a critical requirement for placing your data privacy in Cloud App Security. Certified by ISO 27001, ISO 27014, ISO27034-1, ISO 27017, SOC 2 Type 2 reports, and SOC 3 reports, Cloud App Security ensures that your data is protected and used in a transparent manner while providing advanced protection for each supported cloud application or service.
The efforts to implement privacy and data protection measures fall into the following areas:
  • Cloud App Security follows mature and stringent product development processes and utilizes industry-leading tools and methodologies to perform source code defect scan and vulnerability scan, executing professional penetration tests by Trend Micro InfoSec team, thus to ensure the service itself robust yet secure.
    It is hosted in a multi-tenant environment using the solid database service and applies access control policies that protect your Cloud App Security data and sensitive information from unauthorized access. In a mature multi-tenant SaaS architecture, sufficient security checks are adopted to ensure data security, data segregation and prevent access to data of one tenant by users from other tenants.
  • Cloud App Security is designed by taking a "privacy by design" approach.
    "Privacy by design" is an approach to projects that promotes privacy and data protection compliance from the start. Cloud App Security does not store your original contents, for example, email messages and files, during scanning and discards them upon completion. It stores quarantined objects within your own cloud application storage.
    When you use Inline Protection for Exchange Online, Cloud App Security stores quarantined objects in its own storage.
    At the same time, cache data that Cloud App Security builds is just a hash value and cannot be converted back into original email messages or files. Cloud App Security communicates with supported cloud applications and services using web services over HTTPS.
  • Cloud App Security is hosted on Microsoft Azure data centers.
    Its cloud sandbox service is hosted in different regions based on each Cloud App Security serving site. For more information on the geographic locations of Cloud App Security data centers, see Data Center Geography.
    Cloud App Security and its cloud sandbox service in different sites operate independently and are not interconnected for data residency, privacy, and sovereign considerations, and your data will always stay within your own site and cannot be replicated by other sites.
    To protect privacy during service operation, the Cloud App Security team applies mature operational practices, including management console access control, operation monitoring and auditing.