Trust Center – Security and Data Protection
Today, businesses of all sizes across every industry are increasing their digital footprint, and the need for increased security is a top priority for all. At KloudLift, we prioritize the security of your data in everything we do. All of our products, services, and infrastructure incorporate security functions that enhance the protection of data at each layer. KloudLift invests in equipment and technology to continually improve this security, allowing us to protect both our operations and your business. Below is an overview of KloudLift’s security practices across people, processes, and technology.
People: Organizational Security
KloudLift operates on strict policies and procedures regarding access to and the use, disclosure, and transfer of customer data. The core of our privacy program is that our employees do not access, use, disclose, or transfer customer data unless it is in accordance with a contractual agreement or at the specific direction of the customer.
Criminal Background Checks, Personal References, and Skills Testing
Each candidate applying to work with us is vetted through personal and professional references. Throughout their interview process, we validate their experience through expansive skills testing before offering them a role on the KloudLift team. Prior to hiring, every employee and consultant goes through a criminal background check.
Privacy, Compliance, and Security Training
All KloudLift employees and consultants go through extensive privacy, compliance, and security training before they are given access to any client data.
Non-Disclosure Agreements
Every employee and consultant has read, reviewed, and agreed to an NDA. Signed agreements are required prior to granting access to KloudLift systems including email.
These agreements are retained, audited, and updated by our Human Resources and Legal teams. When material changes have been made to NDA details, all employees and consultants are required to review, agree, and sign an updated version of our NDA.
Ultra-Secure Admin Usernames and Passwords
We create unique and strong usernames and passwords for all WordPress administrators. These can be changed later on and we can guide you on the best practices for creating the strongest passwords.
Ultra-Secure WordPress Admin/Login URLs
The default WordPress login URL is yourdomain.com/wp-admin. Even if there isn’t a visible user login link on your site, this default URL is well known among bots, hackers, and scripts. By changing the default login URL to a unique and secure one, KloudLift and its customers are less of a target and better protected against brute force attacks.
Process: In Zero We Trust
Security threats evolve over time and our abilities must constantly be sharpened to be effective in securing our business. KloudLift is dedicated to the ongoing education and training of our employees in the realm of digital security. Our Security team is responsible for:
- Formulating, maintaining, and updating our internal privacy policies, procedures, and tools to protect the privacy of personal data handled by employees and partners on behalf of KloudLift
- Monitoring compliance with our customer-facing privacy policies
- Ensuring that privacy commitments made to our customers, partners, and employees are met
- Maintaining our certifications and regulatory-compliance obligations
- Training staff on our privacy program, monitoring changing data privacy laws across the globe, and making necessary updates and modifications to our privacy program.
Technology: Services Security
While KloudLift takes care of the initial setup of our services, you are ultimately in control of your company’s data. This means that you have full control of the data entered into our services, as well as all setup and configurations. We use all of our technology service offerings internally so that our customers benefit from the same level of security that KloudLift enjoys – along with our security knowledge and experience.
Google runs one of the most secure and reliable cloud infrastructures in the world. It is continuously monitored to ensure the protection of your data and that it is available when needed. Data is distributed across multiple data centers, so that in the event of a fire or disaster, it can be automatically and seamlessly moved to stable and secure locations. From automatic updates to spam blockers, security is the core of Google services. KloudLift uses Google Workspace internally and for our customers, ensuring that your business suite is just as secure as ours.
Each time you sign in to your Google Account, you’ll need your password and a verification code. Enter your password and a unique verification code that’s sent to your phone. Even if someone else gets your password, it won’t be enough to sign in to your account.
AWS is designed to help users build secure, high-performing, resilient, and efficient infrastructure for all applications. World-class security experts who monitor the AWS infrastructure also build and maintain their broad selection of innovative security services, which simplifies meeting security and regulatory requirements. AWS security services and solutions are focused on delivering the following key strategic benefits critical to helping implement our organization’s optimal security posture:
- Define user permissions and identities, infrastructure protection and data protection measures for a smooth and planned AWS adoption strategy.
- Gain visibility into your organization’s security posture with logging and monitoring services. Ingest this information into a scalable platform for event management, testing, and auditing.
- Automated incident response and recovery to help shift the primary focus of security teams from response to analyzing root cause.
- Leverage event driven automation to quickly remediate and secure your AWS environment in near real-time.
Virtual Private Network (VPN)
AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN consists of two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly-available, managed, and elastic cloud VPN solution to protect your network traffic.
WordPress is open source software that is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, KloudLift will manually initiate the update. WordPress also comes with thousands of plugins that users can install to improve performance, add capabilities and customize their WordPress instance. These plugins and themes are maintained by third-party developers who regularly release updates as well. KloudLift ensures that your WordPress core, plugins, and theme are up to date and secure. We use WordPress for our client projects as well as our internal projects, ensuring that your security is as strong as ours.
iThemes Security Pro Plugin
iThemes Security Pro works to fix common WordPress security issues you may not know exist. By adding an extra layer of protection, iThemes Security Pro helps give you peace of mind—and keeps the bad guys out in several ways:
- Banning IP addresses of known hackers so that they can’t access your website
- Mandating the use of strong passwords for all accounts
- Monitoring all files for unauthorized changes
- Hiding and obscuring system information regarding your WordPress installation from public view
- Locking out users after a certain number of unsuccessful login attempts
- Sending you email notifications about any potentially suspicious activity on your website
- Requiring SSL for your dashboard and any post or page
- Scanning your site for malware, viruses, and suspicious code
We provide transparency into the geographical regions where our customers’ data is stored and processed.
KloudLift and our customers must comply with various international privacy regulations. Common privacy principles throughout jurisdictions include notice, choice, access, use, disclosure, and security. KloudLift achieves compliance with international privacy regulations by maintaining a comprehensive, written information-security program that contains technical and organizational safeguards designed to prevent unauthorized access to and use or disclosure of customer data.