Cisco Cloudlock Data Storage Overview

Introduction

This is an overview of the data storage practices of Cloudlock, Inc., as embedded in Cisco Cloudlock. In general, Cloudlock stores metadata but not customer data. See the following sections for details.

Usernames & Credentials: Generally Not Stored

In some cases storage of usernames and/or emails is required. For example, Cloudlock does retain the email address of the primary administrator for each customer’s instance of our application. Other than those specific cases, however, Cloudlock does not generally collect or store usernames or credentials. Cloudlock uses identity providers such as Google, OneLogin, and others to validate credentials. OAuth2 or SAML are used for login. Users log into their own domains, but not through Cloudlock.

Metadata: Some Collected

Cloudlock collects the metadata from protected platforms in order to provide identifying information within Incidents. Metadata may include items from the following list, which applies to documents, objects, and assets, depending on the protected platform.
For protected Documents, Objects, or Assets:

  • Name
  • Document or Object ID
  • Owner’s email address
  • Collaborators’ email addresses and access rights
  • Attributes (for example, file type, object type, last modification time, creation time, size, etc.)

For Cloudlock Incidents:

  • Audited actions performed on an object triggering an incident (the object itself is not stored by Cloudlock)

For protected platforms:

  • Domain, organization name and subdomain names, if any.
  • Usernames associated with the domain, including internal and external collaborators

Exporting and/or deleting metadata

  • All reports and related information within Cloudlock can be exported at any time.
  • Upon termination of any contract with Cloudlock, metadata will be deleted if required.

Cloudlock Monitoring

Cisco Cloudlock uses in-memory monitoring to audit protected platforms. No files or content are saved, kept or stored anywhere. The only data Cloudlock retains is the metadata listed above, along with a redacted snippet of the flagged data.
For example, upon detection of a credit card, only the following would be recorded: “XXXXXXXXXXXX6899”
Further information on our security procedures can be found in the Cloudlock Trust Center.
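
The redaction behaviour described above, sketched as an added example (not Cloudlock's code and not part of the original page): content is inspected in memory, and the incident record keeps only metadata plus a redacted snippet. The function names, field names and sample input are constructed for illustration, and the detection method (a regular expression plus a Luhn check) is an assumption.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(digits: str) -> str:
    """Keep only the last four digits, as in the page's XXXXXXXXXXXX6899 example."""
    return "X" * (len(digits) - 4) + digits[-4:]


def scan(content: str, metadata: dict) -> list:
    """Return incident records holding metadata and redacted snippets only.

    `content` is inspected in memory and is never copied into the result.
    """
    incidents = []
    for match in PAN_RE.finditer(content):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            incidents.append({**metadata, "snippet": redact(digits)})
    return incidents


# Constructed sample input: a Luhn-valid test number and a 16-digit reference that is not one.
SAMPLE_CONTENT = "Invoice 7731: card 4111 1111 1118 6899, ref 1234567890123456."
SAMPLE_METADATA = {  # hypothetical values; field names are illustrative
    "name": "invoice-7731.txt",
    "owner_email": "owner@example.com",
    "vendor_subtype": "text/plain",
}

if __name__ == "__main__":
    for incident in scan(SAMPLE_CONTENT, SAMPLE_METADATA):
        print(incident)
```

A reviewer checking a DLP pipeline against a "metadata only" claim can run the same kind of assertion: the stored record should contain the masked value and none of the original digits or surrounding content.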

Metadata Stored by Cloudlock

| Category | Item | Description |
|---|---|---|
| account | email | Cloudlock primary administrator email address |
| app | app_name | The name of an AFW app |
| app | app_creator | The ID of the app creator |
| app | description | Description of the AFW app |
| app_event | event_date | Date on which an AFW app event occurred |
| app_event | event_type | The type of AFW app event which occurred |
| app_event | description | Description of the AFW app event |
| app_event | event_by | Username of the user who triggered the AFW app event |
| app_install | install_date | The date the application was installed into the domain |
| app_install | state | Whether or not the app is currently installed |
| app_install | updated_on | The date the installation was updated |
| app_install | install_type | The type of installation which occurred |
| audit | origination_value | Unique ID associated with an auditable action taken by a user within Cloudlock |
| audit | when | The date and time that an auditable action was taken by a user within Cloudlock |
| audit | details | Specific details of an auditable action taken by a user within Cloudlock |
| entity | name | The name of a document, event or app installation |
| entity | extra | Additional vendor-specific metadata describing an installation |
| entity | vendor_subtype | The filetype of a document |
| entity | created_on | Date the entity was created by the vendor |
| entity | updated_on | Last modified date recorded from vendor |
| entity | viewed_on | Last viewed date recorded from vendor |
| entity | entity_status | The status of an object from a vendor (existing, deleted, etc) |
| entity | deleted_on | Date the vendor recorded this entity as deleted |
| entity | last_scan_id | The change ID from the vendor |
| incident_detail | extra | Vendor-specific customer metadata describing an object that triggered an incident |
| incident_notes | note | A customer-specified note associated with an incident |
| incident_notification_log | subject | The subject of an email that was sent |
| incident_notification_log | to_addresses | The addresses the email was sent to |
| incident_notification_log | cc_addresses | The cc addresses the email was sent to |
| incident_notification_log | bcc_addresses | The bcc addresses the email was sent to |
| incident_notification_log | custom_message | The custom message that was in a sent email |
| incident_notification_log | reply_to | The reply to addresses associated with the sent email |
| incident_notification_log | extra | Extra metadata associated with the sent email |
| ip_library | name | The customer specified name of a known IP address |
| ip_library | description | The customer specified description of a known IP address |
| ip_library | location | The geographical coordinates of a known IP address |
| ip_library | ip_address | A known IP address |
| mail_notification_action | to | Recipient(s) of an email notification response action |
| mail_notification_action | cc | CC’ed recipient(s) of an email notification response action |
| mail_notification_action | bcc | BCC’ed recipient(s) of an email notification response action |
| mail_notification_action | reply_to | Email address of the administrator the recipient can reply to |
| organization | name | The name of the organization (usually a domain name) |
| organization_asset | url | The url that the vendor asset is located |
| organization_asset | key | The unique identifier from the vendor |
| organization_group | value | A user or group name |
| organization_group | vendor_id | A unique ID associated with the user or group |
| organization_group | given_name | A user’s given name |
| organization_group | family_name | A user’s family name |
| organization_group | extra | Additional metadata associated with a user or group |
| organization_group | type | Whether the record references a user or a group |
| organization_group | created_on | The date that a user or group was created |
| organization_group | status | The status of the group or user (active, inactive, etc) |
