Kloudfuse Security

Kloudfuse is a unified observability platform, designed for modern, cloud-native environments. It provides deep, correlated insights across all telemetry types — metrics, logs, traces, and events — through a high-performance architecture.

Kloudfuse delivers a secure, scalable, and high-performance observability solution for enterprises. Its unique architecture ensures data privacy while offering enterprise-grade security features across identity, data, and operations.

This document outlines the key security features and practices of the Kloudfuse platform.

Platform Architecture and Deployment Model

Kloudfuse employs a hybrid deployment model:

Data Plane

Deployed entirely within the customer’s cloud account, the Data Plane ingests, stores, and processes telemetry data locally. This approach ensures data privacy and compliance.

Control Plane

Optionally managed by Kloudfuse to monitor the health and lifecycle of the Kloudfuse deployment.

This architecture lets Kloudfuse customers retain full control over their data while benefiting from SaaS-like operational ease.

Kloudfuse Platform Architecture

Infrastructure and Physical Security

Because the data plane resides within the customer’s cloud infrastructure (AWS, Azure, GCP), the customer and their cloud provider manage the physical and infrastructure-level security. This approach ensures a high level of security and alignment with industry standards.

Identity and Access Management

Role-Based Access Control (RBAC)

Users are assigned roles with specific permissions, enforcing the principle of "least privilege".

SSO/SAML Integration

Enables enterprise-grade authentication mechanisms to streamline and secure access control.

Ingest Authentication

Validates and authorizes incoming telemetry data from trusted sources.

Data Security

Data Residency

All telemetry data resides in the customer’s cloud account.

Log Classification and Handling

Ingests various log types (application, security, system, network) with flexible parsing and indexing.

Log Archiving and Hydration

Cold storage for logs and on-demand retrieval capabilities ensure data availability while optimizing costs.

Network Security

Multi-AZ Deployments

Ensures high availability and disaster tolerance.

Secure Communication

Supports TLS encryption for data in transit.

Vulnerability and Patch Management

Regular Release Cycles

Address CVEs and apply security patches.

Customers can monitor updates through our Release Notes.

Operations and Monitoring

Integrated Alerts

Enables alerts and health checks for platform components.

Operations

The control plane provides observability into data plane operations.

Detailed Documentation

Tracks known issues and resolutions to ensure transparency and accountability.