Trust & security
CloudMonitor is built so that connecting it can never make your cloud less safe. Here is exactly how your credentials, data and access are handled.
CloudMonitor only ever reads. It has no code path that creates, modifies or deletes cloud resources — so a bug or a compromise cannot change your infrastructure.
Connect an IAM key scoped to read-only policies. We recommend the minimum managed policies needed and validate scope on connection.
Credentials are encrypted at rest with AES-256 and are never displayed again after you save them. They are decrypted only in memory, only to sync.
Every workspace is isolated. One tenant can never see another tenant’s accounts, data, users or reports.
Every action inside a workspace is written to an immutable audit log, tied to a user and timestamp.
All traffic is served over TLS. Cloud API calls use the providers’ signed, encrypted endpoints.
When you connect a cloud account, you supply an access key scoped to read-only permissions. CloudMonitor validates the key on the spot and then encrypts it with AES-256 before it is stored. The plaintext key is never written to logs and is never shown in the UI again.
We read resource metadata, cost and usage data, and configuration needed to compute your inventory, spend and security posture. We do not read the contents of your object storage, databases or application data. We only need to see how resources are configured, not what is inside them.
If you believe you have found a security issue, please email info@radiatus.com. We take reports seriously and will respond promptly.
Read-only, encrypted and isolated. Connect your first account and see for yourself.