Security

CloudPi security

CloudPi is designed to help teams understand cloud usage, cost, inventory, and governance posture without becoming a control risk inside the environment it monitors. This page is intended as a concise security overview for procurement, platform, IT, and security review.

Access model Data protection Operational safeguards Security FAQ

Least-privilege access CloudPi is intended to work through read-only or view-oriented access for analytics and visibility workflows.

Encrypted handling Public messaging states that data is protected in transit and at rest using standard safeguards.

Review-friendly posture This page is written to support security and procurement review without overstating unsupported claims.

Access Model

CloudPi is positioned as a low-blast-radius integration.

The central security question for most evaluators is what permissions are required and what the platform can do with them. CloudPi's public posture is strongest when access remains observational rather than operationally invasive.

Expected access scope

CloudPi is positioned to retrieve usage, billing, inventory, and configuration-related information for analytics, reporting, optimization, and governance visibility.

Why buyers care

Read-only or view-oriented access reduces blast radius, supports separation of duties, and simplifies internal approval review compared with broader control-plane permissions.

Read-only cloud account access Used to analyze cloud environments without requiring broad mutation rights over customer resources.

Scoped service roles Roles should include only the permissions required for viewing data and should avoid modification rights wherever possible.

Provider-specific review AWS, Azure, and GCP permissions should be reviewed during onboarding so access aligns with internal security standards and approval workflows.

Data Protection

CloudPi's public security and privacy posture should be read together.

The current public posture is based on encrypted handling, limited-access integration, and review of collected cloud and account data within the privacy policy.

Data in transit	Public messaging states that data is protected in transit using standard safeguards.
Data at rest	Public messaging also states that data is protected at rest, which is important for usage, billing, and configuration-related information.
Data scope	CloudPi is intended to retrieve cloud usage, cost, inventory, and configuration-related information to support reporting, optimization, and governance workflows.
Privacy alignment	Security review should be done together with privacy review so collection, use, and handling expectations are evaluated in one place.

Operational safeguards

CloudPi's public materials point toward regular review, operational checks, and a narrow-access posture rather than a highly privileged control-plane model.

Ongoing review Cloud integrations are not one-time trust decisions. Review cadence is part of maintaining posture as environments and requirements evolve.

Operational predictability Buyers should expect clarity around onboarding setup, access scopes, and how the platform behaves in customer environments.

Governance and auditability

CloudPi's broader product story includes governance, policy controls, approval workflows, and audit-oriented operations, which supports more accountable and reviewable operating processes.

Role-oriented access thinking Role-based access and auditability support stronger separation of duties across finance, engineering, and platform teams.

Workflow traceability Approval routing, policy workflows, and governance visibility can make decisions easier to review than ad hoc processes.

This page should be treated as a public security overview, not a complete trust center. It avoids claiming named certifications or compliance standards that are not clearly evidenced in the current public materials and instead focuses on access model, data handling, operational safeguards, and review-oriented controls.

Security FAQ

Questions buyers usually ask first.

These answers are intended to support an initial security review before deeper questionnaire or architecture discussions.

Does CloudPi require write access?

The current public positioning emphasizes read-only or view-oriented access for analytics and monitoring workflows. That reduces risk by limiting the platform's ability to modify customer cloud resources.

What kind of data does CloudPi use?

CloudPi is intended to retrieve cloud usage, cost, inventory, and configuration-related information so teams can understand spend, optimize resources, and strengthen governance across environments.

How is data protected?

Public messaging states that data is protected in transit and at rest using standard encryption practices, with broader safeguards reinforced through privacy commitments and ongoing operational review.

Is this a complete trust package?

No. This page is a starting point for vendor review. Additional diligence may include permission scoping, privacy review, architecture discussion, and security questionnaire responses.

Contact CloudPi View Documentation