Security

Our Security Commitment

As an AI Agent Orchestration platform handling sensitive agent data and AI workflows, we are committed to maintaining the highest security standards. While we are working towards industry certifications (ISO 42001, SOC 2, ISO 27001), we implement universally accepted security and AI governance best practices across all aspects of our platform.

Data Encryption

Encryption in Transit

All data transmitted between your devices and CloudLense, as well as between CloudLense and your cloud providers, is encrypted using TLS 1.2 or higher. This ensures that your data remains protected during transmission over networks.

Encryption at Rest

All stored data, including cloud account metadata, cost data, and user information, is encrypted at rest using industry-standard encryption algorithms. Encryption keys are managed securely using best practices for key rotation and access control.

Access Control & Authentication

User Authentication

CloudLense uses OAuth/OIDC for secure user authentication. This eliminates the need to store passwords and provides robust identity verification. We support integration with major identity providers and enforce multi-factor authentication (MFA) where applicable.

Least Privilege Access

Our platform follows the principle of least privilege. Internal systems and personnel only have access to the minimum data necessary to provide services. Access is granted on a need-to-know basis and regularly reviewed.

AI Agent Access Control

CloudLense implements strict access control for AI agents and workflows:

• Role-Based Access Control: Granular permissions for agent management, workflow creation, and governance oversight
• Agent Isolation: Agents run in isolated environments with controlled access to external systems
• LLM API Security: Secure API key management with encryption and rotation support
• Workflow Permissions: Fine-grained control over who can create, modify, or execute agent workflows
• Human-in-the-Loop Gates: Mandatory approvals for high-risk agent actions

Cloud Cost Optimization Agents: When using our cloud cost optimization agents, CloudLense operates on a strict read-only access model for cloud accounts (AWS, Azure, GCP). Agents cannot modify, delete, or create cloud resources without explicit human approval.

Infrastructure Security

Secure APIs

All API endpoints are secured with authentication tokens and rate limiting to prevent abuse. API requests are logged and monitored for suspicious activity.

Network Security

Our infrastructure employs network segmentation, firewalls, and intrusion detection systems. We regularly conduct security assessments and vulnerability scans of our systems.

Secure Development Practices

We follow secure software development lifecycle (SDLC) practices, including:

• Code reviews and security audits
• Dependency scanning for known vulnerabilities
• Regular security testing and penetration testing
• Continuous monitoring and incident response procedures

Data Handling & Privacy

Data Collection

CloudLense collects only the minimum data necessary to provide AI agent orchestration services:

• Agent metadata (names, descriptions, configurations, workflow definitions)
• Agent execution logs and performance metrics for monitoring
• Governance audit trails for compliance and bias detection
• Workflow execution data for orchestration and optimization
• Cloud infrastructure data (when using cloud cost optimization agents)
• Account identifiers required for LLM provider and cloud provider API access

Data Processing & Storage

All data processing occurs in secure, isolated environments. Agent data is stored in encrypted databases with strict access controls. We do not process or store sensitive information like passwords, API keys, or secret credentials unless explicitly required for agent operation (and then only in encrypted form). Agent outputs and decisions are logged for compliance but can be configured for data minimization.

Data Retention

We retain your data only as long as necessary to provide our services. When you disconnect a cloud account or delete your CloudLense account, we will securely delete all associated data within 30 days, except where retention is required by law.

Data Sharing

We do not sell, rent, or trade your data. Your AI agent data and workflows are never shared with third parties except as necessary to provide our services (e.g., LLM provider APIs for agent execution, cloud provider APIs for cost optimization agents) or as required by law. All third-party service providers are bound by strict confidentiality agreements and data processing agreements.

AI Governance & Compliance Standards

While CloudLense is working towards industry certifications (such as ISO 42001, EU AI Act alignment, SOC 2 Type II, ISO 27001, and GDPR compliance), we currently implement security and governance controls aligned with these standards:

• AI Governance Standards: Our practices align with ISO 42001, EU AI Act, and NIST AI RMF for trustworthy AI systems
• Security Standards: Our security practices align with NIST Cybersecurity Framework and CIS Controls
• Cloud Provider Security: We adhere to security requirements set forth by AWS, Azure, and GCP for third-party integrations (when using cloud cost optimization agents)
• Data Protection: We are committed to protecting customer data in accordance with GDPR and applicable data protection regulations
• Ethical AI: We implement bias detection, fairness metrics, and ethical guardrails aligned with industry best practices

As our platform evolves, we will pursue formal certifications and will update this page accordingly.

AI Agent Audit Logging & Monitoring

We maintain comprehensive audit logs of:

• All agent workflow executions and decisions
• Bias detection events and compliance violations
• User authentication, authorization, and human-in-the-loop approvals
• Changes to agent configurations, workflow definitions, and governance policies
• LLM API calls and agent interactions for explainability
• Administrative actions and system changes
• Cloud account access (when using cloud cost optimization agents)

These logs are monitored for security incidents, bias detection, and compliance violations. Logs are retained in accordance with ISO 42001 and EU AI Act requirements. In the event of a security incident, we have established incident response procedures to address and mitigate any impact.

Security Best Practices for Customers

To ensure the highest level of security when using CloudLense for AI agent orchestration, we recommend:

• Use separate API keys for LLM providers specifically for CloudLense agents (do not share with other services)
• Follow least privilege principles when configuring agent permissions and workflow access
• Enable human-in-the-loop approval gates for high-risk agent actions
• Regularly review and audit agent configurations, workflow definitions, and governance policies
• Enable MFA on your CloudLense account
• Monitor agent execution logs and bias detection alerts
• Rotate LLM API keys and credentials periodically
• For cloud cost optimization agents: Use separate IAM roles/Service Principals specifically for CloudLense and monitor cloud provider audit logs

Security Incident Response

In the unlikely event of a security incident, CloudLense will:

• Immediately investigate and contain the incident
• Notify affected customers within 72 hours of discovering the incident
• Work with relevant authorities and security experts as necessary
• Provide regular updates on remediation efforts
• Conduct a post-incident review to prevent future occurrences

Security Questions & Reporting

If you have security-related questions or wish to report a security vulnerability, please contact us: