Cisco Cloudlock Data Storage Overview
This is an overview of the data storage practices of Cloudlock, Inc., as embedded in Cisco Cloudlock. In general, Cloudlock stores metadata but not customer data. See the following sections for details.
Usernames and Credentials
Usernames and credentials are generally not stored. In some cases storage of usernames and/or emails is required. For example, Cloudlock does retain the email address of the primary administrator for each customer’s instance of our application. Other than those specific cases, however, Cloudlock does not generally collect or store usernames or credentials. Cloudlock uses identity providers such as Google, OneLogin, and others to validate credentials. OAuth2 or SAML are used for login. Users log into their own domains, but not through Cloudlock.
Metadata
Some metadata is stored. Cloudlock collects the metadata from protected platforms in order to provide identifying information within Incidents. Metadata may include items from the following list, which applies to documents, objects, and assets, depending on the protected platform.
**For protected Documents, Objects, or Assets:**
- Name
- Document or Object ID
- Owner’s email address
- Collaborators’ email addresses and access rights
- Attributes (for example, file type, object type, last modification time, creation time, size, etc.)
**For Cloudlock Incidents:**
- Audited actions performed on an object triggering an incident (the object itself is not stored by Cloudlock)

**For protected platforms:**
- Domain, organization name and subdomain names, if any
- Usernames associated with the domain, including internal and external collaborators

**Exporting and/or deleting metadata:**
- All reports and related information within Cloudlock can be exported at any time.
- Upon termination of any contract with Cloudlock, metadata will be deleted if required.
Metadata Stored by Cloudlock
Category | Item | Description |
---|---|---|
account | Cloudlock primary administrator email address | |
app | app_name | The name of an AFW app |
app | app_creator | The ID of the app creator |
app | description | Description of the AFW app |
app_event | event_date | Date on which an AFW app event occurred |
app_event | event_type | The type of AFW app event which occurred |
app_event | description | Description of the AFW app event |
app_event | event_by | Username of the user who triggered the AFW app event |
app_install | install_date | The date the application was installed into the domain |
app_install | state | Whether or not the app is currently installed |
app_install | updated_on | The date the installation was updated |
app_install | install_type | The type of installation which occurred |
audit | origination_value | Unique ID associated with an auditable action taken by a user within Cloudlock |
audit | when | The date and time that an auditable action was taken by a user within Cloudlock |
audit | details | Specific details of an auditable action taken by a user within Cloudlock |
entity | name | The name of a document, event or app installation |
entity | extra | Additional vendor-specific metadata describing an installation |
entity | vendor_subtype | The filetype of a document |
entity | created_on | Date the entity was created by the vendor |
entity | updated_on | Last modified date recorded from vendor |
entity | viewed_on | Last viewed date recorded from vendor |
entity | entity_status | The status of an object from a vendor (existing, deleted, etc) |
entity | deleted_on | Date the vendor recorded this entity as deleted |
entity | last_scan_id | The change ID from the vendor |
incident_detail | extra | Vendor-specific customer metadata describing an object that triggered an incident |
incident_notes | note | A customer-specified note associated with an incident |
incident_notification_log | subject | The subject of an email that was sent |
incident_notification_log | to_addresses | The addresses the email was sent to |
incident_notification_log | cc_addresses | The cc addresses the email was sent to |
incident_notification_log | bcc_addresses | The bcc addresses the email was sent to |
incident_notification_log | custom_message | The custom message that was in a sent email |
incident_notification_log | reply_to | The reply to addresses associated with the sent email |
incident_notification_log | extra | Extra metadata associated with the sent email |
ip_library | name | The customer specified name of a known IP address |
ip_library | description | The customer specified description of a known IP address |
ip_library | location | The geographical coordinates of a known IP address |
ip_library | ip_address | A known IP address |
mail_notification_action | to | Recipient(s) of an email notification response action |
mail_notification_action | cc | CC’ed recipient(s) of an email notification response action |
mail_notification_action | bcc | BCC’ed recipient(s) of an email notification response action |
mail_notification_action | reply_to | Email address of the administrator the recipient can reply to |
organization | name | The name of the organization (usually a domain name) |
organization_asset | url | The url that the vendor asset is located |
organization_asset | key | The unique identifier from the vendor |
organization_group | value | A user or group name |
organization_group | vendor_id | A unique ID associated with the user or group |
organization_group | given_name | A user’s given name |
organization_group | family_name | A user’s family name |
organization_group | extra | Additional metadata associated with a user or group |
organization_group | type | Whether the record references a user or a group |
organization_group | created_on | The date that a user or group was created |
organization_group | status | The status of the group or user (active, inactive, etc) |
Cloudlock Monitoring
Cisco Cloudlock uses in-memory monitoring to audit protected platforms. No files or content are saved, kept or stored anywhere. The only data Cloudlock retains is the metadata listed above along with a redacted snippet of the flagged data.
For example, upon detection of a credit card, only the following would be recorded: “XXXXXXXXXXXX6899”
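The following is an added illustration of the retention model described above, written for this page; it is not Cloudlock's own code and makes no claim about how Cloudlock's scanner is implemented. It scans a content buffer held only in memory, validates credit-card candidates with the Luhn checksum, and emits an incident record that carries the platform metadata (document name, object ID, owner) plus a redacted snippet in the same "X…last four digits" form shown above. The `Finding`, `scan_in_memory` and `build_incident_record` names, the regex, and the sample document are all assumptions constructed for the example; the original content never appears in the returned record.

```python
import re
from dataclasses import dataclass, asdict

# Candidate card number: 13-19 digits, optional single space or dash between digits,
# not embedded in a longer digit run. (Constructed pattern for this example.)
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; filters out most random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_card(digits: str) -> str:
    """Keep only the last four digits; everything else becomes 'X', e.g. XXXXXXXXXXXX6899."""
    return "X" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    rule: str      # which detection rule fired
    snippet: str   # already redacted; the raw match is never stored
    offset: int    # position in the scanned buffer, useful for triage without the content


def scan_in_memory(content: str) -> list[Finding]:
    """Scan a buffer and return only redacted findings; the buffer itself is not retained."""
    findings: list[Finding] = []
    for m in CARD_RE.finditer(content):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("credit_card", redact_card(digits), m.start()))
    return findings


def build_incident_record(entity_meta: dict, content: str) -> dict:
    """Combine platform metadata with redacted snippets into the record that would be kept."""
    findings = scan_in_memory(content)
    return {
        "entity": {k: entity_meta[k] for k in ("name", "object_id", "owner_email")},
        "findings": [asdict(f) for f in findings],
        # Deliberately no 'content' key: the scanned text is dropped with this call's frame.
    }


if __name__ == "__main__":
    # Constructed sample: a document whose body contains a Luhn-valid test card number.
    meta = {"name": "Q3 expenses.xlsx", "object_id": "doc-0001", "owner_email": "finance@example.com"}
    body = "Card: 4111 1111 1111 1111 expires 12/26. Ref 1234567890123 is an order id."
    print(build_incident_record(meta, body))
```

The second 13-digit run in the sample (`1234567890123`) is deliberately not Luhn-valid, so it is ignored; that is the kind of false-positive filter a practitioner wants before a snippet, even a redacted one, is written to an incident store.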
Further information on our security procedures can be found in the Cloudlock Trust Center.