Security

Your cost data deserves the same care as your cloud.

CloudOptify is built security-first: read-only access to your clouds, strict tenant isolation, private networking, and a development process that treats security as a feature — not an afterthought.

Read-only by design

CloudOptify connects to Azure and AWS with read-only access — it can analyze your cost and resource data, but it can never create, modify, or delete anything in your cloud. AWS even supports keyless access via a cross-account IAM role with external-ID protection, so no long-lived secret exists at all.

Strong identity, no passwords to leak

Authentication runs through a managed Microsoft identity platform, so your existing sign-in policies, including multi-factor authentication, apply. CloudOptify never stores user passwords. Enterprise organizations can add SSO and SCIM directory sync, so access follows your directory automatically.

Encryption everywhere

All traffic between your browser, the platform, and your clouds is encrypted in transit with TLS. Data at rest — cost data, configuration, tokens — is encrypted by the underlying Azure storage and database services.

Tenant isolation on every request

Every query the platform runs is scoped to your organization — data access is partitioned per tenant at the application layer, on every endpoint, every time. One customer can never see another customer’s data.

How we work

Private networking

The production environment is built on Azure with a private-by-default posture: the backend services and database are reached over private endpoints, with public network access to the data tier disabled. The only way in is through the application’s managed front door — the database is never exposed to the internet.

SQL querying, sandboxed

The SQL feature never touches the production database. Each query runs against an isolated, in-memory sandbox populated only with your organization’s data — strictly read-only, resource-limited, and discarded after the query completes. There is nothing to inject into and nothing to escalate: the sandbox contains exactly your data and nothing else.

Scoped, revocable credentials

API tokens carry explicit scopes (read / write / run) and are intersected with the creator’s role, so a token can never hold more permission than the member who created it; any token can be revoked instantly. OAuth client secrets are stored hashed and shown only once. Every token is rate-limited, and AI-assistant access through MCP is governed by the same tokens and scopes.
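To make the scope model concrete, here is an added illustration (not CloudOptify's own code) of how scoped, revocable tokens behave: the effective scopes are the intersection of what was requested and what the creator's role may grant, and every authorization check is also pinned to the token's organization. The role-to-scope mapping, the Token class and the function names are assumptions made for this example.

```python
"""Hypothetical model of scoped, revocable API tokens bound to one tenant.
Effective scopes = requested scopes AND the creator's role scopes, and every
check also verifies the organization, so a token never crosses tenants."""
from dataclasses import dataclass
import secrets

SCOPES = {"read", "write", "run"}

# Assumed mapping from organization role to the scopes that role may grant.
ROLE_SCOPES = {
    "reader": {"read"},
    "contributor": {"read", "write"},
    "admin": {"read", "write", "run"},
    "owner": {"read", "write", "run"},
}


@dataclass
class Token:
    token_id: str
    org_id: str
    scopes: frozenset
    revoked: bool = False


def issue_token(org_id: str, creator_role: str, requested: set) -> Token:
    """Grant only the scopes the creator's role allows; reject unknown scopes."""
    unknown = requested - SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    effective = requested & ROLE_SCOPES[creator_role]
    return Token(secrets.token_urlsafe(16), org_id, frozenset(effective))


def authorize(token: Token, org_id: str, needed: str) -> bool:
    """Deny revoked tokens, cross-tenant use, and scopes the token never had."""
    if token.revoked:
        return False
    if token.org_id != org_id:  # tenant isolation on every request
        return False
    return needed in token.scopes


def revoke(token: Token) -> None:
    """Revocation takes effect on the very next authorization check."""
    token.revoked = True
```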

Secure development lifecycle

The platform is built on current, supported frameworks with security patches applied promptly. Code goes through review and automated checks; dependencies and container images are covered by vulnerability scanning, and findings are triaged and remediated as part of normal engineering work.

Least privilege throughout

Internally, services run with the minimum permissions they need. Within your organization, role-based access (owner, admin, contributor, reader) keeps each member at the right level — and on Enterprise, roles can be driven directly from your identity directory.

Your data stays yours

Your cost and resource data is used for one thing: providing the service to you. It is never sold, never shared with other customers, and never used to train external models. Disconnecting a cloud account stops collection, and you can request deletion of your organization’s data at any time.

Found something? Tell us.

We welcome responsible disclosure. If you believe you've found a security issue in CloudOptify, write to security@cloudoptify.com and we'll investigate promptly and keep you informed.