How Sophos stores and manages your data
Find out how Sophos looks after your data, and about our GDPR compliance.
To use Sophos Cloud Optix, you need to connect to one or more cloud environments, for example an Amazon Web Services (AWS) account, a Microsoft Azure subscription, or a Google Cloud Platform project. When you connect a cloud environment, you explicitly authorize Sophos to access information via APIs and collect log data.
Data is transferred between the customer's cloud environment and Sophos Cloud Optix in the following ways:
- Infrastructure metadata is pulled from the environment using the cloud platform's APIs, for example the AWS SDK.
- Network flow logs and usage logs are pushed to Sophos Cloud Optix log collectors by a serverless function in the customer's cloud environment, for example AWS Lambda.
In both cases, the data transfer uses TLS encryption.
How data is stored, protected, and managed
Infrastructure metadata includes inventory information about your cloud resources, such as instances/VMs, storage buckets and security groups, and their associated security states.
Activity logs, such as AWS CloudTrail logs, may include information about an IAM entity that accessed or made changes to the infrastructure. VPC/Network flow logs include information about which IP address is communicating with another IP address, and the port and protocol used, for example 18.104.22.168 to 22.214.171.124 on port 80 via TCP.
All infrastructure metadata and log information collected by the service is stored using industry-standard AES 256 encryption.
You can remove a cloud environment from your Sophos Cloud Optix account at any time. All associated infrastructure metadata and log information is deleted automatically.
Sophos Cloud Optix also offers optional third-party integrations, for example Slack, Jira, ServiceNow, PagerDuty, and Splunk. Credentials you provide to use these integrations are stored using AES 256 encryption.
Sophos Cloud Optix and GDPR