Security & Compliance
Key questions for security and compliance.
Example Questions
- Do we have security groups permitting SSH from 0.0.0.0/0?
- Which IAM policies were manually created in the AWS console?
- Are there any unencrypted S3 buckets?
- Who approved the last security group change?
- Are all IAM users using MFA?
- Are there any public S3 buckets?
- Are there any expired or soon-to-expire SSL/TLS certificates?
- Which accounts have unused or stale access keys?
FAQ
What cloud access permissions does Anyshift require?
Anyshift requires read-only access to your cloud resources. We recommend using role-based access with least privilege. For Kubernetes, we use a lightweight agent with minimal permissions. For GitHub/GitLab, you can specify which repositories Anyshift can access.
Does Anyshift support on-premises deployment?
Yes, for enterprise customers with strict data residency requirements, we offer deployment options that keep your data within your infrastructure boundaries.
Is Anyshift SOC 2 compliant?
Anyshift is in the process of obtaining SOC 2 compliance to ensure the highest standards of security and data protection.
Security
Learn how Anyshift secures your infrastructure data
Anyshift is currently in the process of obtaining SOC 2 compliance to ensure the highest standards of security and data protection for our customers.
Does Anyshift have access to my infrastructure data?
Anyshift creates a digital twin of your infrastructure to provide intelligent insights. Our platform requires limited, permission-controlled access to your infrastructure components.
When using Anyshift, infrastructure data is securely analyzed on our platform. No human at Anyshift will ever manually access your raw infrastructure data, and we do not use your data to train AI models.
All customer data is protected using industry security best practices including encryption in transit and at rest, strict access controls, and secure data isolation between customers.
How does Anyshift handle AI and data sovereignty?
Anyshift uses a hybrid approach combining deterministic analysis with AI capabilities:
- We maintain a strict agreement with our AI provider (Anthropic) that prevents any customer data from being used to retrain their models.
- For customers with strict data sovereignty requirements, we offer deployment options that keep sensitive data within your infrastructure.
- The AI analysis is performed with appropriate safeguards to ensure your infrastructure data remains protected.
Our system is designed to provide accurate infrastructure insights while respecting data privacy and security requirements.
How does Anyshift isolate customer data?
We implement strict data isolation mechanisms to ensure that no customer can access another customer’s data:
- Dedicated resources for enterprise clients
- Strong access controls and authentication mechanisms
- Encryption of data both in transit and at rest
- Regular security audits and penetration testing
Our architecture is built with multi-tenancy security as a foundational principle.
I have more questions about security.
Please send an email to security@anyshift.io or schedule a call with our security team to discuss your specific requirements.