[DougN7]

I always wonder about security with these cloud management companies. Instead of the KGB/NSA/hackers trying to break into AWS etc, they go for a cloud management company and get access to lots of companies. I’m not sure how it could be helped - it’s the nature of the beast, but I personally have concerns.

[yasyfm]

Really excellent point. The way we try to handle this is by sealing off the part of the system that has any access to customer credentials, and making sure those credential are as minimal as possible (e.g. we can grant and revoke permissions to an existing user, but we cannot create new users or new permissions).