
Cloud Platform Security

Updated over 2 weeks ago

We treat security with the utmost importance. This page sets out the security measures we take with the product's deployment.

Datacentre Location

The Eido cloud platform is hosted in two locations:

  • eu.eido.cloud is located in Azure West Germany region

  • us.eido.cloud is located in Azure US East 2 region

Security Patching

The underlying architecture is based on Azure's serverless technologies, so Microsoft themselves handle patching of the platform. We use Microsoft Intune's Autopatch functionality to patch our own devices, with patches being applied as follows:

  • Critical Security patches and updates are applied within 24 hours

  • High Priority patches and updates are applied within 7 days

  • Medium and Low Priority patches and updates are applied within 14 days

Data Encryption

Data in Transit is encrypted with a minimum of TLS 1.2. The Eido platform is not accessible using anything older than TLS 1.2; such access is blocked by our Web Application Firewall, as we do not support older versions. The signature algorithm used by the Eido application is SHA256withRSA with a 2048-bit key. Our configuration earns us a score of A at https://www.ssllabs.com, and it is our intention to maintain that score.

Data at Rest is encrypted using the industry-standard AES-256 encryption. Key access and rotation are managed by Azure.

Platform Access

Access to the cloud infrastructure that hosts the Eido platform (eu.eido.cloud and us.eido.cloud) is restricted to employees who are connected to the VPN. The VPN requires multi-factor authentication. Role-based access control (RBAC) governs administrative functions. Tenant data is logically isolated using unique tenant identifiers, ensuring complete separation between customers.

Platform Monitoring

Eido availability and security are monitored 24/7/365. Our on-call rota ensures we can respond immediately, in real time, to any critical platform or security issues.

Web Application Firewall

All data transmitted to the Eido platform has to go through our web application firewall. The firewall protects our platform against exploitation of a wide range of vulnerabilities, such as session hijacking, session replay attacks, Cross-Site Request Forgery (CSRF) attacks, injection attacks, CSS injection attacks, and many more, including those published by OWASP.

Denial of Service

At Eido, we utilise Azure Front Door, which is a Web Application Firewall that provides a managed distributed denial of service (DDoS) protection service to safeguard the infrastructure that hosts our cloud platform. It provides dynamic detection and automatic mitigations that minimise application downtime and latency.

Multi Factor Authentication

Users log in to Eido with Entra credentials, so for increased security Eido recommends that customers enforce the use of MFA for Entra logins. Please contact support@eido.cloud if help is needed with this.

Backups and Encryption

The Eido Platform is backed up daily, and backups are retained for 35 days. Backups are encrypted using the industry-standard AES-256 encryption.

Vulnerability Scanning

Our product code is scanned for vulnerabilities using GitHub Dependabot and Advanced Security; the cloud platform is scanned every time a change is made.

Data Privacy

We allow per-Intune-tenant customization of data retention settings. These settings are not changeable by end users directly; please contact support to make changes to these settings for a specific Intune tenant.

The default values for the data that we collect from Intune tenants are as follows (each control is followed by its default value):

  • Raw Data - How many days raw imported report data is kept before automated cleanup: 3 days

  • Closed Issue retention - Period for closed issues: 10 days

  • Change tracking data - Age limit for historical change tracking entries (e.g., device change logs): 366 days

  • Deleted Devices - How long logically deleted devices remain before purge: 10 days

  • App metering data - Retention window for application metering / usage data: 45 days

Data is cleared up via automation that runs periodically. Customers may request that the above defaults are changed at any time via support. Eido collects only device inventory, Entra user properties, compliance status and app usage metrics, never personal end-user content.

SOC Feeds

We subscribe to feeds from the leading cyber security agencies. When an announcement is made, or a new critical issue is detected, a security incident is created for us to review and take action on if necessary. The current SOC Feeds we have are:

  • National Cyber Security Centre

  • Microsoft Security Response Center

  • Cyber and Infrastructure Security Agency
