Breadcrumbs

Cloudamize Assessment Security Summary

Cloudamize is a cloud-migration assessment platform. During a time-boxed period, a lightweight agent (or an agentless collector) gathers performance and inventory data to produce right-sizing recommendations. It is a temporary, read-only activity, no configuration changes are made to source systems, and the software is removed when the assessment ends.

WHAT IS COLLECTED AND TRANSMITTED

Category

Examples

Notes

Performance Metrics

CPU, memory, disk, and network utilization

Sampled every 30 seconds; low sensitivity.

Application Inventory

Installed software (Windows Registry / Linux RPM-DEB), running processes

Used for dependency mapping and workload analysis.

Asset Identifiers

Hostname, machine UUID, private IP address

Used to uniquely identify and track a server throughout the assessment.

Data is sampled every 30 seconds and transmitted every 5 minutes. Bandwidth is negligible — roughly 5–40 KB per 10 minutes per host. Agent CPU overhead is capped by a built-in watchdog process (typically well under 3%).

WHAT IS NOT COLLECTED OR TRANSMITTED

  • No credentials ever leave the network. For the agentless collector, discovery credentials are stored, encrypted on the collector VM only, and are never sent to Cloudamize.

  • No file contents, user data, or database records — only system metrics and the software inventory list.

  • No inbound connections from Cloudamize to your environment. All traffic is outbound-initiated from your network.

HOW DATA IS PROTECTED IN TRANSIT

Encryption: All data is sent over TLS 1.2 minimum (1.3 preferred); OpenSSL 3.0.0+ required. TLS 1.2 is refused. Assessment data stored within the Cloudamize platform is encrypted at rest using AES-256 encryption.

Single outbound path: HTTPS over TCP 443 to one regional endpoint (US / EU / UAE), directly or via a corporate proxy.

TLS-interception friendly: Certificate pinning is not used, so enterprise TLS-inspection gateways are fully supported.

PORTS REQUIRED FOR THE ASSESSMENT

Agent-based collection:

Target

Port / Protocol

Direction

Purpose

Cloudamize Endpoint

TCP 443 (SSL/HTTPS)

Outbound: Agent Server → Cloudamize Endpoint

The only required port. Used to securely transmit all collected data directly or through an HTTP proxy.

Agentless Data Collector (ADC):

Target

Port / Protocol

Direction

Purpose

Cloudamize Endpoint

TCP 443 (SSL/HTTPS)

Outbound: ADC → Cloudamize Endpoint

Sends collected assessment data to Cloudamize.

Windows Targets

TCP 445 (SMB)

Inbound: ADC → Windows Targets

File sharing and WMI communication.

Windows Targets

TCP 135 (RPC Endpoint Mapper)

Inbound: ADC → Windows Targets

Establishes the initial RPC connection.

Windows Targets

Dynamic RPC – TCP 49152–65535 (Legacy: 1025–5000)

Inbound: ADC → Windows Targets

RPC data exchange after the initial connection on TCP 135.

Linux Targets

TCP 22 (SSH)

Inbound: ADC → Linux Targets

Used for Linux data collection. The SSH port is fixed and cannot be changed.

Perimeter note: Only TCP 443 crosses the network perimeter and is outbound-initiated. The 445, 135 dynamic RPC port range and 22 rules are internal — inbound to the target servers from the ADC only. Cloudamize's backend does not initiate inbound connections to the environment.

Endpoints by region:
am.cloudamize.com (US)
am-de.cloudamize.com (EU)
am-ae.cloudamize.com (UAE)

SECURITY CHARACTERISTICS

  • Time-boxed collection.

  • No automatic updates after deployment.

  • Windows agent runs as SYSTEM, Linux agent as root, ADC uses a customer account.

Security and Compliance

Industry Compliance

Cloudamize follows industry-recognized security practices and compliance standards to help protect customer assessment data.

Compliance

Status

ISO 27001

✔ Certified

SOC 2 Type II

✔ Certified

Annual Penetration Testing

✔ Performed

GDPR

✔ Compliant

GovCloud

Supported (requires prior Cloudamize approval)

HIPAA

Not applicable (Cloudamize does not collect PHI/PII required for HIPAA scope)

PCI

Not applicable

ITAR

Not applicable

Cloudamize infrastructure assessments do not collect Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card data as part of the assessment process. Consequently, HIPAA, PCI DSS, and ITAR regulations are generally not applicable to the assessment platform.

Cloudamize does not collect application business data, user files, email content, database records, or other customer-generated content as part of an infrastructure assessment.

Data Residency

Assessment data is stored within AWS data centers based on the geographic region where the assessment is deployed.

Agent Security

The Cloudamize Agent is designed to provide comprehensive infrastructure discovery while maintaining a minimal impact on monitored systems.

Key characteristics include:

  • No system reboot is required during installation or operation.

  • Typical CPU utilization is approximately 0.5%, resulting in minimal performance overhead.

  • Built-in resource throttling automatically pauses or reduces collection activity if CPU or memory utilization exceeds predefined thresholds.

  • Data collection is performed by lightweight background services designed for continuous operation.

Agentless Security

For organizations that prefer not to install software on monitored systems, Cloudamize provides an Agentless data collection option.

The Agentless Collector securely gathers infrastructure information using standard operating system management protocols:

  • SSH for Linux systems

  • WMI for Windows systems

Collected data is securely transmitted to Cloudamize using encrypted TLS connections.

Unlike the Agent-based approach, management ports are required only between the internal Agentless Collector and customer systems. No inbound connectivity from Cloudamize into the customer environment is required.

Additional Security Resources

For the latest security certifications, compliance reports, and security documentation, visit the Cloudamize Trust Center.


If you have any queries, please get in touch with the helpdesk via our Helpdesk Portal or by email at helpdesk@cloudamize.com.