Key principles of Yandex.Cloud security
Openness and transparency
It's impossible to use cloud services without trusting the provider. Information about the cloud platform structure and processes increases customer loyalty.
Yandex.Cloud informs customers about:
- How the key cloud infrastructure security processes work.
- How security is provided for user data, who can access it, and when.
- How we ensure compliance with information security international standards and legal requirements.
Compliance with international standards and legal requirements
To protect the cloud infrastructure, it's important to meet the international standards and legal requirements for information security. This is especially true for data, access to which must be restricted under federal laws.
Yandex.Cloud conducts regular internal and external audits to assess whether the platform meets these requirements.
Ensuring security at each step of service creation and provision
The Yandex.Cloud team follows the Security Development Lifecycle (SDLC), building the foundation for cloud service security from the earliest stages of the project. This is enhanced with Defense in Depth that creates multi-layer security controls. They prevent attacks and help detect attackers' activities in advance.