Skip to main content

🔒 Vega Cloud Trust Center

At Vega Cloud, trust is the cornerstone of our commitment to empowering businesses to optimize their cloud resources securely. Below, you’ll find an overview of our security practices, compliance certifications, and data protection measures that demonstrate our dedication to safeguarding your data.

We adhere to industry-leading standards and practices to protect the integrity, confidentiality, and availability of your data. Our security measures are designed to address evolving threats and ensure your data remains safe and secure.

🏅 Security Accreditations

SOC 2 Type 2 Certification

SOC 2 Type 2 Certified

GDPR Ready Certification

GDPR Ready

FinOps Certified Platform

FinOps Certified Platform

Vega Cloud is committed to transparency and compliance with industry standards. Relevant documentation, including certifications and audit reports, can be provided upon request under NDA. To request access, please contact your Vega account team or open a ticket with our support team at support@vegacloud.io.

🔐 Data Protection

  • Encryption: Vega Cloud leverages AES-256 encryption for data at rest and TLS 1.2/1.3 protocols for data in transit, ensuring compliance with industry best practices.
  • Access Management: We operate under the principle of least privilege, employing read-only permissions to access cloud cost and usage metrics. This ensures no access to sensitive workloads or customer environments.
  • Monitoring and Testing: Continuous monitoring and annual penetration testing (infrastructure and application layers) by independent third-party security firms proactively mitigate risks.
  • Privacy Policy: View our Privacy Policy for details on how we handle and protect your data.

🛠️ Roles and Permissions

How Vega Accesses Data

Vega Cloud operates using the principle of least privilege:

  • Read-Only Permissions: For the Inform and Optimize SKUs, Vega only requires read-only access to cost and usage metadata.
  • Operate SKU Permissions: For the Operate SKU, Vega requires permissions to start and stop resources (e.g., VMs or instances) to help customers optimize usage and spend.

Deployment Details

  • On AWS, Vega uses IAM roles to access cost and usage data.
  • On Azure and GCP, Vega uses service accounts with the same read-only or limited permissions.
  • Customers maintain full control over the level of permissions they grant to Vega, and all configurations are outlined in our public GitHub repository.

Data Collection Statement

Vega collects only cost and usage metadata required for optimization and governance. No personal, workload-specific, or application data is accessed or stored by Vega.

🛡️ Vega Cloud Security Controls

✅ Access Management

  • Role-Based Access Control (RBAC) ensures users have permissions aligned with their responsibilities.
  • Multi-Factor Authentication (MFA) enhances account security.
  • Access provisioning and de-provisioning follow formalized processes.
  • Regular audits verify appropriate access levels.

✅ Data Security

  • Encryption protects customer data in transit and at rest.
  • Key management protocols ensure secure encryption practices.
  • Logical data segregation isolates customer environments.

✅ Infrastructure Security

  • Vega Cloud operates on enterprise-grade infrastructure for high resilience.
  • Vulnerability management includes regular scanning and patching.
  • Comprehensive disaster recovery plans are in place to ensure business continuity.
  • Monitor current and historical availability on our Status Page.

✅ Compliance and Governance

  • SOC 2 Type 2 certification demonstrates adherence to rigorous standards.
  • Annual third-party penetration testing validates system security.
  • Change management processes ensure all updates are reviewed and authorized.

❓ Frequently Asked Questions

What compliance certifications does Vega Cloud hold?

Vega Cloud holds the following certifications:

How does Vega Cloud protect my data?

Your data is encrypted both in transit and at rest, and logical data segregation ensures isolation from other tenants. We employ advanced access control measures to limit data access.

What permissions does Vega require to deploy?

Vega only requires read-only permissions for most deployments (Inform and Optimize SKUs). For Operate SKUs, permissions to start and stop resources are necessary. Customers retain full control over what permissions they grant Vega. Learn more in our public repository.

Where is customer data stored?

Customer metadata processed by Vega Cloud is stored within secure, geographically redundant data centers. Vega ensures compliance with local regulations such as GDPR by processing data within relevant jurisdictions.

What happens in the event of a security incident?

Vega Cloud follows a formal Incident Response Plan that includes detection, containment, and resolution processes. Customers are notified promptly if any incidents affect their environments, ensuring transparency and accountability.

Supporting Resources