Compliance or Security of our Data/Information at Comodo One cloud.

Dear Support,

I want to know how secure our data/information is on Comodo One Cloud.

We enrolled many devices on Comodo One cloud, hence a lot of company information is on Comodo servers. I want to know what Comodo is doing to protect it from misuse, security breach, and unauthorized access, and what access Comodo staff have to our data/information, because access to any of our accounts on C1 can be a huge risk to any company, let’s say by remoting to a company PC, pushing malware through PS scripts, etc.

From my side, I have made sure to keep the C1 password secret, use 2FA, etc. What else can I do?

Thank you for your response!

Hello @itguy_comodo, @smartcloud

Good day. Please refer to the attached file and feel free to download and review the linked PDF below for the privacy policy. For additional information, you may refer to the forum link below. Thank you.

https://c1forum.comodo.com/forum/msp-area/26969-comodo-cybersecurity-gdpr-faq

Comodo-Privacy-Policy-(05252018).pdf (526 KB)

This is something we are also very concerned about.
Please provide us with some details regarding this issue.

I’ve been assured by @Ilker @ Comodo that access to data is tightly controlled and from personal experience, the L1 and L2 technicians have no access to my C1 account and data. It also seems L3 support only have access to debug logs, but Comodo staff would need to confirm this. @melih ?

Your trust is our only asset! We will never do anything to erode it!

Sorry, but your word here is not good enough, and that’s not meant in a mean way.
I assure you that our clients will not take your word on a forum and I am sure they will fire us if I suggested that they do.

Can you point us to some official document regarding this issue?

Hello @smartcloud, @itguy_comodo.
First of all, every customer has its own database, so the data is fully separated. There is not even a theoretical possibility to access the data of another customer.
All databases are stored on encrypted drives.
All infrastructure is covered with Amazon VPC, so it’s locked from outside connections.
From the perspective of access to data, only L3 support has audited access to logs to be able to help when problems occur.

And you are?

I am the Technical Executive of Comodo One.

Thanks.
I must have missed that it says Administrator under your name.
I wasn’t sure if you worked here or were just another user.

Do you have a sales document that explains the security for this product?
We need to show our clients that security exists. Just saying it’s secure does not sell much in a world where data breach is a daily news story.
It’s pretty much a must-have for us: something that details encryption, databases, who has access, information like that.
The Comodo privacy notice that’s in post number 2 will never be seen by our clients or potential clients without logos and formatting.
The security section needs to be expanded.

We will reach out to the proper channel to address your request @itguy_comodo @smartcloud (and others interested in such a document). Rest assured that we will get back to you once we get word and we will also make a post about it here (or create a new topic for it). We appreciate your patience on the matter.

@itguy_comodo @smartcloud Do you have an example of what type of document and assurances you require from Comodo to fulfill your requirements?

Funny that a security company has to ask for this, just another indicator that the staff does not understand their own business.

How about this instead:
Think about how you are going to sell this product to the business world.
What do you think a hospital, doctor’s office, financial institution, etc. will require in writing when it comes to data communication, data storage, data access, encryption, etc.?

Hey, jumping a bit late to the party, but I believe these questions may be simplified with the following:
a. Is Comodo as a company certified with ISO27001/SSAE/PCI/etc.? Do relevant audits include Comodo One?
b. Do you have a white paper describing security controls in place for the environment/solution, complying with best practices?
c. Do you have a published Data Protection Addendum?
d. Will/can Comodo publish/share a completed security assessment questionnaire, relevant to Comodo One? This may be based on CSA or any other relevant questionnaire. I understand if this requires sending you such a questionnaire for fulfillment upon request.

These questions are relevant for many different industries.

Thanks,

@smartcloud I’m not from Comodo, just an MSP who has been using their anti virus solutions for several years.

Hi @smartcloud @grsee

Thank you for your inputs. Our job is to enable you with the best know-how, data and material to support your success and sales.

@Vadym_Volyansky already mentioned the measures we took on the platform to ensure data safety. We also work on the certifications and content side. Some of them are already done (like ISO27001) and some of them are in progress. Unfortunately, certification and 3rd party audits are not fast processes.

Once we complete these processes, we will work on channels to enablement content for you.

Best regards,
Ilker

So Comodo does not really have an official document on how they handle security?
It’s some bits posted in this thread but no official document they publish?

I asked my Account Manager about SOC Audits a while back and if I remember correctly she said that Comodo undergoes SOC 1/2 Audits. As for the Data itself, we would need to know what Data Centers Comodo uses and see if they are compliant, which most are.