Cloud Security
Security by Design: Trusted Visualization in Regulated Environments
Overview
Vis|ability’s cloud-enabled deployment model for the vis|ability platform delivers the same mission-critical visualization and collaboration capabilities as our on-premises solution—augmented by the scalability, availability, and redundancy benefits of a secure cloud infrastructure.
Designed with a zero-trust mindset, vis|ability Cloud preserves the high-assurance access control, source and data encryption, and compliance posture that regulated industries demand.
| Category | Cloud Implementation |
|---|---|
| Hosting & Isolation | Hosted in trusted U.S.-based commercial cloud environments; customer environments are logically isolated; supports deployment on customer-owned or commercial cloud infrastructure in accordance with IT policy. |
| Authentication & Access Control | Accredited accounts only; Role-Based Access Control (RBAC) ensures users can only access authorized content; integrates with Active Directory and Single Sign-On (SSO) for centralized account management. |
| Encryption | Data in transit secured with HTTPS/TLS 1.2+; Web Client and Web Portal connections protected by SSL/TLS; supports FIPS-compliant encryption settings for applicable components (including MUX Router). |
| Web Security Considerations | Browsers maintain independent TLS stacks—administrators should enforce supported TLS protocols via browser policy or configuration flags (e.g., --ssl-version-max=tls1.2 in Chrome). |
| Security Configuration & Management | Centralized admin control over permissions, content access, and communication settings; all sessions, actions, and content-sharing events logged for auditability. |
| Vulnerability Management | Secure development lifecycle includes internal vulnerability scanning, prompt remediation of identified issues, and restricted developer access to source code and build environments. |
| Compliance & Development Practices | Aligned with ISO 27001 certification and NERC CIP requirements; secure development lifecycle with restricted access, vulnerability scanning, and remediation; practices aligned with NIST, FIPS, and CMMC frameworks. |
Cloud Hosting Philosophy
Activu’s cloud systems are hosted within U.S.-based, FIPS-compliant, FedRAMP Moderate or High cloud environments such as:
- Microsoft Azure Government Cloud
- Amazon Web Services GovCloud (US)
Each customer cloud environment is provisioned as a dedicated, logically isolated environment, built with customer and data isolation in mind. These environments meet the physical, network, and administrative controls required to serve public sector, utility, and defense-sector clients.
Note
vis|ability Cloud can be deployed on customer-owned infrastructure or in trusted commercial cloud environments. Specific hosting details are aligned to customer IT policy and regulatory requirements.
Authentication and Access Control
Access to vis|ability Cloud is governed by the same strict access controls used in on-prem environments:
- Users must authenticate via accredited accounts. By default, user accounts are locked down and must be explicitly granted permissions to interact with the system.
- Role-based access control (RBAC) ensures that only authorized users can view, interact with, or manage content.
- Integration with Active Directory and Single Sign-On (SSO) systems is supported, allowing customers to enforce their internal IT policies for account management and password complexity.
Internally, vis|ability provides granular access management:
- Administrators can assign or restrict visibility and control rights for specific sources or actions.
- This ensures only authorized users can view or manipulate sensitive content.
Encryption Standards
All communication within the vis|ability Cloud environment follows modern encryption practices:
| Encryption Area | Implementation |
|---|---|
| Data in Transit | All communications within the vis|ability Cloud environment are encrypted using HTTPS with TLS 1.2 or higher. TLS 1.3 is supported where customer environments allow. |
| Web Client & Web Portal | Protected using SSL/TLS encryption for all browser-based access. Protocol support is determined by server configuration and customer IT policy. |
| Data at Rest | Encrypted using methods supported by the hosting environment and in alignment with industry best practices (e.g., AES-256 when configured). |
| FIPS Compliance | Where applicable, vis|ability components (such as the MUX Router) can be configured to use FIPS-compliant encryption using the "ForceFipsEncryption": true setting, consistent with on-prem deployment options. |
| Browser TLS Behavior | Web browsers use their own TLS stacks and do not inherit Windows OS SCHANNEL settings; customers should enforce approved TLS protocols through browser settings or enterprise policy. |
| Authentication Integration | All encrypted connections require accredited user accounts, with role-based access controls applied to determine which content and actions each user can access. |
Where applicable, vis|ability components can be configured to enforce FIPS-compliant encryption, as described in on-prem deployments.
Security Configuration and Management
Customers using vis|ability Cloud benefit from streamlined system administration:
- All user sessions, actions, and content-sharing events are logged for auditability.
- System behavior, including content access, user permissions, and communication settings, can be centrally managed by administrators.
- Where supported, MUX Router components can be configured for FIPS-compliant communication using the "ForceFipsEncryption" setting, just as in on-prem deployments.
Organizational Compliance
vis|ability Cloud adheres to the same organizational development and compliance practices as the on-prem vis|ability platform, including:
- ISO 27001 certification for Activu’s corporate security posture
- NERC CIP alignment for deployments in utility environments
- Secure development lifecycle practices, including:
  - Restricted development environments
  - Internal vulnerability scanning and remediation workflows
  - Source code access limited to authorized developers