VK Cloud logo
Support
Updated at April 15, 2024   08:50 AM

Platform security

To ensure a high level of security for the VK Cloud platform, the security measures and practices described below are used.

Additional information is available on the Cloud Security page.

Monitoring and countering attacks

Security Operations Center (SOC VK) provides monitoring of VK Cloud, analyzes security events of VK Cloud servers and identifies anomalies using a SIEM (Security Information and Event Management) class system.

The following mechanisms also work:

VK Cloud antifraud is a set of security measures and rules aimed at filtering automatic registrations of bots and users, as well as preventing potential attacks on the resources of the VK Cloud platform.

When activating VK Cloud services, you may need to confirm user data. In this case, use one of the proposed methods of identity verification:

  • Linking a bank card. Link your card and, if necessary, pay for VK Cloud services.
  • Company card (for legal entities). In your message, please attach a file with the details of the organization on whose behalf you are registering. The postal address must indicate the name or other details of the organization.
  • Contact technical support. Create an account activation request on the technical support portal. Application category — account, group — activation and access.

Conducting security checks

External inspections are carried out at least once a year with the participation of an external contractor. The check is carried out, among other things, using the model of an internal violator.

VK Cloud also conducts its own information security audits and participates in Bug Bounty programs to find vulnerabilities:

This allows you to quickly identify and eliminate vulnerabilities in VK Cloud.

Applying secure development principles when building the platform

  • Information security training for platform developers.
  • Integration and automation of security tools and practices at all stages of the development and operation life cycle (DevSecOps).
  • Architectural review and security audit of each service.

Applying industry best practices

  • Isolation of VK Cloud segments and services from each other using a firewall.
  • Differentiation of access to VK Cloud resources using a role model at the Identity and Access Management (IAM) level.
  • Access to the platform is available only to a limited number of VK Cloud administrators with mandatory authentication. Trusted and secure hosts (jump hosts) are used for access.
  • Separation of responsibility for security between VK Cloud and the user (more details on the Cloud Security page).

Did not find your answer?Write to us

© 2024 VK Cloud
Privacy Policy