Cloud Hosting

Cronofy holds data in line with the Cronofy Data Management policy.

This page describes in more detail how Cronofy uses cloud service as part of that.

Data centers #

Cronofy provides six data centers around the world hosted by Amazon Web Services (AWS).

Per AWS’s Cloud Security guidance:

  • AWS is responsible for the security of the cloud
  • Cronofy is responsible for the security in the cloud

Cronofy uses AWS inline with AWS’s Well-Architected framework with all changes made via version-controlled processes.

Environment segregation #

All environments run within their own AWS account to ensure strict boundaries are in place beyond running within their own Virtual Private Cloud (VPC).

flowchart TB Employees--Authentication-->organization subgraph management management-vpc[VPC] end organization(Organization account)--AssumeRole-->management subgraph nonprod nonprod-vpc[VPC] end subgraph prod-au prod-au-vpc[VPC] end subgraph prod-ca prod-ca-vpc[VPC] end subgraph prod-de prod-de-vpc[VPC] end subgraph prod-sg prod-sg-vpc[VPC] end subgraph prod-uk prod-uk-vpc[VPC] end subgraph prod-us prod-us-vpc[VPC] end organization--AssumeRole-->nonprod organization--AssumeRole-->prod-au organization--AssumeRole-->prod-ca organization--AssumeRole-->prod-de organization--AssumeRole-->prod-sg organization--AssumeRole-->prod-uk organization--AssumeRole-->prod-us

Employees authenticate with a central AWS account before assuming a delegated role in other AWS accounts.

Each environment operates as an entirely separate instance, with no personally identifiable information (PII) flowing between them.

Environment resilience #

All environments leverage three Availability Zones in the region they operate within. This ensures resiliency in the face of power outages and such like within an individual zone.

Managed AWS services used by Cronofy are also configured to run across multiple Availability Zones.