This is an overview of the data storage practices of Cloudlock, Inc., as embedded in Cisco Cloudlock. In general, Cloudlock stores metadata but not customer data. See the following sections for details.
Usernames and Credentials
Usernames and credentials are generally not stored. In some cases storage of usernames and/or emails is required. For example, Cloudlock does retain the email address of the primary administrator for each customer’s instance of our application. Other than those specific cases, however, Cloudlock does not generally collect or store usernames or credentials. Cloudlock uses identity providers such as Google, OneLogin, and others to validate credentials. OAuth2 or SAML are used for login. Users log into their own domains, but not through Cloudlock.
Metadata
Some metadata is stored. Cloudlock collects the metadata from protected platforms in order to provide identifying information within Incidents. Metadata may include items from the following list, which applies to documents, objects, and assets, depending on the protected platform.
**For protected Documents, Objects, or Assets:**
- Name
- Document or Object ID
- Owner’s email address
- Collaborators’ email addresses and access rights
- Attributes (for example, file type, object type, last modification time, creation time, size, etc.)

**For Cloudlock Incidents:**
- Audited actions performed on an object triggering an incident (the object itself is not stored by Cloudlock)

**For protected platforms:**
- Domain, organization name and subdomain names, if any.
- Usernames associated with the domain, including internal and external collaborators

**Exporting and/or deleting metadata**
- All reports and related information within Cloudlock can be exported at any time.
- Upon termination of any contract with Cloudlock, metadata will be deleted if required.
Metadata Stored by Cloudlock

| Record | Field | Description |
|---|---|---|
| account | | Cloudlock primary administrator email address |
| app | app_name | The name of an AFW app |
| app | app_creator | The ID of the app creator |
| app | description | Description of the AFW app |
| app_event | event_date | Date on which an AFW app event occurred |
| app_event | event_type | The type of AFW app event which occurred |
| app_event | description | Description of the AFW app event |
| app_event | event_by | Username of the user who triggered the AFW app event |
| app_install | install_date | The date the application was installed into the domain |
| app_install | state | Whether or not the app is currently installed |
| app_install | updated_on | The date the installation was updated |
| app_install | install_type | The type of installation which occurred |
| audit | origination_value | Unique ID associated with an auditable action taken by a user within Cloudlock |
| audit | when | The date and time that an auditable action was taken by a user within Cloudlock |
| audit | details | Specific details of an auditable action taken by a user within Cloudlock |
| entity | name | The name of a document, event or app installation |
| entity | extra | Additional vendor-specific metadata describing an installation |
| entity | vendor_subtype | The filetype of a document |
| entity | created_on | Date the entity was created by the vendor |
| entity | updated_on | Last modified date recorded from vendor |
| entity | viewed_on | Last viewed date recorded from vendor |
| entity | entity_status | The status of an object from a vendor (existing, deleted, etc.) |
| entity | deleted_on | Date the vendor recorded this entity as deleted |
| entity | last_scan_id | The change ID from the vendor |
| incident_detail | extra | Vendor-specific customer metadata describing an object that triggered an incident |
| incident_notes | note | A customer-specified note associated with an incident |
| incident_notification_log | subject | The subject of an email that was sent |
| incident_notification_log | to_addresses | The addresses the email was sent to |
| incident_notification_log | cc_addresses | The cc addresses the email was sent to |
| incident_notification_log | bcc_addresses | The bcc addresses the email was sent to |
| incident_notification_log | custom_message | The custom message that was in a sent email |
| incident_notification_log | reply_to | The reply-to addresses associated with the sent email |
| incident_notification_log | extra | Extra metadata associated with the sent email |
| ip_library | name | The customer-specified name of a known IP address |
| ip_library | description | The customer-specified description of a known IP address |
| ip_library | location | The geographical coordinates of a known IP address |
| ip_library | ip_address | A known IP address |
| mail_notification_action | to | Recipient(s) of an email notification response action |
| mail_notification_action | cc | CC’ed recipient(s) of an email notification response action |
| mail_notification_action | bcc | BCC’ed recipient(s) of an email notification response action |
| mail_notification_action | reply_to | Email address of the administrator the recipient can reply to |
| organization | name | The name of the organization (usually a domain name) |
| organization_asset | url | The URL where the vendor asset is located |
| organization_asset | key | The unique identifier from the vendor |
| organization_group | value | A user or group name |
| organization_group | vendor_id | A unique ID associated with the user or group |
| organization_group | given_name | A user’s given name |
| organization_group | family_name | A user’s family name |
| organization_group | extra | Additional metadata associated with a user or group |
| organization_group | type | Whether the record references a user or a group |
| organization_group | created_on | The date that a user or group was created |
| organization_group | status | The status of the group or user (active, inactive, etc.) |

Cloudlock Monitoring
Cisco Cloudlock uses in-memory monitoring to audit protected platforms. No files or content are saved, kept or stored anywhere. The only data Cloudlock retains is the metadata listed above, along with a redacted snippet of the flagged data.
For example, upon detection of a credit card, only the following would be recorded: “XXXXXXXXXXXX6899”
Further information on our security procedures can be found in the Cloudlock Trust Center.