# Cloud Security

<details>

<summary>Segmentation</summary>

Our Amazon Web Services (AWS) accounts provide the highest level of segmentation boundary that can be achieved on AWS. [Amazon Virtual Private Cloud](https://aws.amazon.com/vpc/) (VPC) and subnets provide further logical isolation of our resources.

Within AWS, security groups act as a virtual firewall and provide stateful inspection. Security groups are also used to control the traffic between worker nodes, external IP addresses, and other VPC resources.

We use [Amazon EC2 security groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html) to define rules that allow inbound and outbound network traffic to and from pods that we deploy to nodes running on many Amazon EC2 instance types.

</details>

<details>

<summary>Access Control</summary>

Access to our cloud environments is restricted and we ensure that only authorized users and applications can access them. This is achieved through [Identity and Access Management](https://en.wikipedia.org/wiki/Identity_and_access_management) (IAM), [Multi-Factor Authentication](https://en.wikipedia.org/wiki/Multi-factor_authentication) (MFA), [Resource-Based Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html), [Service Control Policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) (SCPs), and [Amazon Virtual Private Cloud](https://aws.amazon.com/vpc/) (VPC) security.

We utilize [AWS CloudTrail](https://aws.amazon.com/cloudtrail/), [AWS Config](https://aws.amazon.com/config/), and [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) to monitor and log access to resources, ensuring that any unauthorized access attempts are detected and can be investigated.

</details>

<details>

<summary>Cloud Security Posture Management (CSPM)</summary>

We use the [AWS Security Hub](https://aws.amazon.com/security-hub/) service for a comprehensive view of our security state and to help assess our AWS environments against security industry standards and best practices.

Security Hub collects security data across AWS accounts, AWS services, and supported third-party products, and helps us analyze our security trends and identify the highest-priority security issues.

Security Hub automates security checks and centralizes security alerts, helping us monitor continuously and initiate an automated response that shortens the mean time to resolution and remediation.

</details>

<details>

<summary>Alerts and Monitoring</summary>

We continuously monitor application logs, errors, infrastructure utilization, security incidents, configuration drift, and high-risk activities, and take immediate action in response to the findings generated by the monitoring tools.

Our Alert and Monitoring policy guides the team to monitor, identify, assess, and address alerts generated from the monitoring tools promptly, thereby protecting our environments from potential threats to the Confidentiality, Integrity, and Availability of customer data.

</details>

