
Security

KloudStack is designed to help businesses build, deploy, and manage application stacks with greater visibility, control, and security.

This page explains how KloudStack approaches security across two areas:

  • the KloudStack platform, including the dashboard, deployment workflows, automation layer, support systems, billing systems, monitoring, and operational services; and
  • customer stacks built through KloudStack, where security resources and controls depend on the selected stack, configuration, plan, and customer choices.

KloudStack provides predefined stack options and recommended security patterns, but customers may also build custom stacks and choose whether to include specific resources such as Managed Identity, Azure Front Door, Web Application Firewall, Azure Key Vault, private networking, monitoring, and other Azure services.

Security is a shared responsibility between KloudStack and each customer.

Platform security versus customer stack security

KloudStack separates platform security from customer stack configuration.

The KloudStack platform uses security controls to help protect the systems used to manage accounts, deployments, automation, support, billing, monitoring, and operations.

Customer stacks are configurable. Depending on the selected plan, predefined stack, custom stack choices, and customer requirements, a customer stack may include additional security resources such as Managed Identity, Azure Front Door, Web Application Firewall, Azure Key Vault, Microsoft Defender for Cloud, private networking, monitoring, backup options, and other Azure security services.

Where KloudStack provides predefined stacks, we aim to recommend secure defaults. Where customers choose to customise their stack, the final configuration may vary based on customer choices, cost preferences, application needs, performance requirements, and agreed operational requirements.

KloudStack platform security

The KloudStack platform is built with security controls designed to protect the systems used to manage customer accounts, deployment workflows, automation, support, billing, monitoring, and operations.

Platform security controls may include:

  • Microsoft Defender for Cloud;
  • Managed Identity;
  • Azure Front Door and Web Application Firewall;
  • Azure Key Vault;
  • access controls and least-privilege permissions;
  • platform monitoring and logging;
  • secure handling of configuration and secrets;
  • operational review and incident response processes;
  • structured support and feedback workflows.

These controls help protect the KloudStack platform and the services used to operate, manage, and support customer environments.

Built on Microsoft Azure

KloudStack is built on Microsoft Azure cloud infrastructure.

Depending on the platform service or customer stack configuration, Azure services may include:

  • Azure App Service;
  • Azure Database for MySQL;
  • Azure Front Door;
  • Azure Web Application Firewall;
  • Azure Key Vault;
  • Microsoft Defender for Cloud;
  • Managed Identity;
  • Azure Blob Storage;
  • Azure Monitor;
  • Application Insights;
  • Log Analytics;
  • Azure Communication Services;
  • other Azure services required for specific stack configurations.

Using Azure allows KloudStack to build on a mature cloud platform while focusing on the managed stack layer, automation, monitoring, support, customer experience, and AI-assisted operations.

Customer stack security options

KloudStack allows customers to build application stacks using predefined stack options or custom stack configurations.

Depending on the selected configuration, customer stacks may include security resources such as:

  • Managed Identity;
  • Azure Front Door;
  • Web Application Firewall;
  • Azure Key Vault;
  • private networking;
  • monitoring and logging;
  • backup and recovery options;
  • access controls;
  • edge protection;
  • database security configuration;
  • secure application settings;
  • diagnostic and alerting features.

Not every customer stack will include every security resource. Some resources may be optional, plan-dependent, customer-selected, or recommended by KloudStack based on the customer’s application, risk profile, performance needs, and cost preferences.

KloudStack can provide guidance and recommended secure configurations, but customers remain responsible for the stack choices they approve, including cost, security, performance, and operational trade-offs.

Predefined stacks and secure defaults

KloudStack may provide predefined stack options to help customers deploy faster and reduce configuration complexity.

Where predefined stacks are used, KloudStack aims to recommend practical security defaults based on the customer’s use case, selected plan, and application requirements.

Secure defaults may include recommended patterns for:

  • identity and access configuration;
  • edge routing and WAF protection;
  • database access;
  • monitoring and alerting;
  • application settings;
  • backup and recovery;
  • support visibility;
  • deployment controls.

Predefined stacks are designed to simplify deployment, but customers should still review the selected configuration and confirm that it meets their business, compliance, security, and operational needs.

Custom stacks and customer choice

KloudStack’s stack builder allows customers to create or select stack configurations based on their own requirements.

This flexibility allows customers to balance:

  • cost;
  • performance;
  • security;
  • scalability;
  • application requirements;
  • compliance needs;
  • operational complexity.

Because customer stacks can be customised, not every stack will have the same security posture.

For example, one customer may choose to include Azure Front Door and Web Application Firewall, while another may choose a lower-cost configuration without those resources. One customer may require Key Vault or private networking, while another may not include those services in their initial stack.

KloudStack may recommend certain security resources, but the final customer stack may depend on the approved configuration, selected plan, and customer requirements.

Edge protection

KloudStack platform services may use edge protection such as Azure Front Door and Web Application Firewall.

For customer stacks, edge protection may be included depending on the selected configuration.

Where enabled, edge protection may support:

  • global edge routing;
  • HTTPS/TLS support;
  • Web Application Firewall policies;
  • custom WAF rules;
  • CDN-style delivery for static assets and media;
  • origin protection patterns;
  • traffic filtering and request inspection;
  • protection against common web application attack patterns.

These controls can help reduce exposure to common web threats and provide an additional layer between public internet traffic and backend application services.

Edge protection does not replace secure application development, patching, strong authentication, plugin management, or responsible application administration.

Web Application Firewall

Web Application Firewall controls may be used to help detect, block, or reduce malicious traffic.

For the KloudStack platform, WAF controls help protect platform-facing services and operational endpoints.

For customer stacks, WAF may be included where selected, recommended, or configured as part of the customer’s stack.

WAF policies may help reduce exposure to:

  • common web application attack patterns;
  • suspicious requests;
  • automated probes;
  • abusive traffic;
  • attempts to access sensitive paths;
  • WordPress-specific attack patterns;
  • malicious or unwanted traffic.

KloudStack may also apply or recommend custom rules where appropriate, including rules for WordPress-specific paths, admin endpoints, XML-RPC access, known malicious patterns, or customer-specific protection requirements.

Microsoft Defender for Cloud

KloudStack uses Microsoft Defender for Cloud as part of its platform security approach.

Microsoft Defender for Cloud helps provide security posture management, recommendations, and visibility across supported Azure resources.

For customer stacks, Microsoft Defender for Cloud may be applied depending on the selected configuration, plan, subscription model, and agreed service scope.

Security recommendations from Microsoft Defender for Cloud may be used to support review, hardening, and operational improvement activities.

Managed Identity

KloudStack uses Managed Identity where appropriate to reduce reliance on manually handled credentials and improve secure access between Azure services.

For the KloudStack platform, Managed Identity may be used to support secure service-to-service access and platform operations.

For customer stacks, Managed Identity may be included depending on the selected stack configuration and application requirements.

Where used, Managed Identity can help improve security by reducing the need to store secrets directly in application code or configuration files.

Azure Key Vault

KloudStack uses Azure Key Vault where appropriate to help protect secrets, keys, certificates, and sensitive configuration used by platform services.

For customer stacks, Azure Key Vault may be included depending on the customer’s selected configuration, plan, and application requirements.

Where Key Vault is used, it can help support more secure handling of sensitive configuration compared with storing secrets in less controlled locations.

Customers should avoid placing secrets, API keys, passwords, tokens, or sensitive configuration directly in public repositories, website content, client-side code, or unsecured plugins.

Monitoring and diagnostics

KloudStack uses monitoring and diagnostics to improve visibility across platform services and supported customer stacks.

Monitoring may include:

  • platform health;
  • deployment status;
  • application performance metrics;
  • request volume;
  • response times;
  • error rates;
  • availability checks;
  • infrastructure metrics;
  • security-related events;
  • background task status;
  • operational alerts.

For customer stacks, the level of monitoring may depend on the selected plan, configuration, and support arrangement.

Monitoring helps KloudStack identify issues, support customers, investigate incidents, and improve platform reliability.

Where AI-assisted insights are used, monitoring data may also help generate summaries, recommendations, and operational guidance.

Access control

KloudStack applies access controls to help protect platform systems, support workflows, and operational environments.

Our access control approach is based on:

  • limiting access to authorised users;
  • applying least-privilege principles;
  • using role-based access where appropriate;
  • protecting administrative access;
  • reviewing operational access as the platform matures;
  • separating customer-facing access from internal operational access;
  • maintaining structured support and operational workflows.

Customers are responsible for managing their own authorised users, passwords, application administrators, WordPress administrators, CMS users, third-party administrators, and account access.

If customer credentials are lost, shared, reused, or compromised, this may affect the security of the customer’s own stack, website, application, or data.

Data protection

KloudStack handles customer and platform data in accordance with its Privacy Policy and applicable agreements.

Data handled by KloudStack may include:

  • customer account information;
  • billing and subscription information;
  • support requests and feedback;
  • deployment information;
  • operational logs;
  • monitoring and diagnostic data;
  • AI-assisted chat or diagnostic inputs;
  • customer stack configuration data;
  • hosted website or application data where access is required to provide support or managed services.

KloudStack uses reasonable technical and organisational measures to protect data handled through the platform and support workflows.

Customers remain responsible for ensuring that the data, content, and applications they host are lawful, appropriately protected, and suitable for the services they select.

Backups and recovery

KloudStack may provide backup and recovery features depending on the customer’s selected stack, service plan, and configuration.

Backups may cover different parts of the stack, such as application files, databases, configuration, storage, or related resources, depending on the service.

Backup and recovery processes are designed to support business continuity, but no backup process can guarantee recovery in every scenario.

Customers should ensure that backup arrangements meet their own business, operational, legal, and compliance requirements.

For critical workloads, customers should discuss backup frequency, retention, restore testing, and recovery expectations with KloudStack.

Incident response

KloudStack aims to respond to security and operational incidents in a structured and transparent way.

Incident response may include:

  • identifying and assessing the issue;
  • investigating affected systems or customer stacks;
  • applying containment steps where needed;
  • communicating with affected customers where appropriate;
  • coordinating with third-party providers if required;
  • restoring normal service where practical;
  • reviewing the incident and improving processes.

Service-wide incidents and maintenance events may be communicated through the KloudStack status page.

Support and security reports

Customers can contact KloudStack support for security-related concerns, suspicious activity, access issues, or operational incidents.

Security-related reports can be sent to:
security@kloudstack.com.au

For support requests, use:
support@kloudstack.com.au

Support and feedback workflows may be managed through Atlassian tools, including Jira Service Management and related systems.

AI-assisted security and operations

KloudStack is building AI-assisted capabilities to help support security, performance, cost optimisation, migration, monitoring, and operational workflows.

AI-assisted features may help:

  • summarise operational issues;
  • identify unusual patterns;
  • recommend next steps;
  • explain performance or security signals;
  • support diagnostic workflows;
  • assist with incident triage;
  • guide remediation planning.

AI-assisted features are designed to support human decision-making. They do not replace customer review, security judgment, or operational approval.

Material actions that may affect production systems, security rules, billing, availability, data, or customer experience may require customer approval or human review before being applied.

Shared responsibility model

Security is a shared responsibility between KloudStack and each customer.

KloudStack is generally responsible for:

  • the security of the KloudStack platform;
  • platform access controls;
  • platform deployment workflows;
  • platform monitoring and operational systems;
  • support and feedback systems used by KloudStack;
  • recommended secure stack patterns;
  • managed services expressly included in the customer’s selected plan or agreement.

Customers are generally responsible for:

  • selecting and approving their stack configuration;
  • website and application content;
  • business data;
  • users and administrators;
  • passwords and credentials;
  • DNS and domain decisions;
  • third-party plugins, themes, extensions, and integrations;
  • customer-supplied code;
  • lawful use of the services;
  • instructions provided to KloudStack;
  • security trade-offs made when choosing lower-cost or custom configurations.

This shared responsibility model helps clarify what KloudStack manages and what remains under customer control.

For more detail, read our Platform Terms of Service.

Security limitations

KloudStack uses reasonable security measures, but no cloud service, hosting platform, website, application, or internet-connected system can be guaranteed to be completely secure.

Security can be affected by many factors, including customer configuration, third-party plugins, exposed credentials, outdated software, malicious traffic, compromised user accounts, DNS changes, third-party service incidents, and customer-approved stack choices.

KloudStack will continue to improve security controls, monitoring, documentation, and operational processes as the platform matures.