Security at Emnode
Emnode handles cost and security data for your entire cloud estate. Read-only by design, UK-hosted, and built around the controls below.
What we access in your cloud
When you connect AWS, you install an IAM role we assume across accounts using an External ID you control. For Azure, you create a service principal in your tenant. Either way, our access is read-only.
We read
- Cost and usage data
- Security and compliance findings
- Resource metadata for sizing analysis
- Backup metadata
We never ask for
- Write access of any kind
- Permission to modify IAM
- Your application code, databases, or secrets
- Personal data stored inside your cloud
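An added example (not Emnode's code or its actual role definition): a customer-side check of the two properties described above, that the role's trust policy pins the assuming principal and the External ID, and that its permissions policy allows only read-style actions. The account ID, External ID and policies are constructed placeholders, and the read-only prefix list is a heuristic assumption.

```python
# Constructed sample policies; the real role definition comes from the vendor's setup guide.
READ_PREFIXES = ("get", "list", "describe", "view", "lookup", "search", "batchget")  # heuristic

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def audit_trust_policy(policy, expected_principal, expected_external_id):
    """Return findings for the trust policy that controls who may assume the role."""
    findings = []
    for stmt in _allow_statements(policy):
        principal = stmt.get("Principal", {})
        aws = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        if not aws or any(p != expected_principal for p in aws):
            findings.append("unexpected or wildcard principal")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != expected_external_id:
            findings.append("sts:ExternalId condition missing or mismatched")
    return findings

def audit_permissions(policy):
    """Return allowed actions whose verb is not recognisably read-only."""
    risky = []
    for stmt in _allow_statements(policy):
        if "NotAction" in stmt:  # "allow everything except ..." is never read-only
            risky.append("NotAction")
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":")[-1].lower().startswith(READ_PREFIXES):
                risky.append(action)
    return risky

PRINCIPAL = "arn:aws:iam::111122223333:root"  # placeholder vendor account
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"           # placeholder; the customer chooses the real one

def _trust(condition=None):
    stmt = {"Effect": "Allow", "Principal": {"AWS": PRINCIPAL}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

GOOD_TRUST = _trust({"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
BAD_TRUST = _trust()  # no External ID condition
READ_ONLY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ce:GetCostAndUsage", "securityhub:GetFindings", "ec2:DescribeInstances", "backup:ListBackupJobs"]}]}
TOO_BROAD = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "iam:PassRole", "s3:*"]}]}

if __name__ == "__main__":
    print(audit_trust_policy(BAD_TRUST, PRINCIPAL, EXTERNAL_ID), audit_permissions(TOO_BROAD))
```

Read-style verbs can still expose data (for example object reads), so a clean result here is a starting point for review, not proof of least privilege.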
How we protect it
UK-hosted
All infrastructure runs in AWS UK. Customer data does not leave the region.
Encrypted everywhere
Data is encrypted in transit and at rest. Public access to storage is fully blocked.
Tenant isolation
Every request is tied to your tenant. Data is partitioned per customer and access is checked on every request.
Multi-factor authentication
Password plus a second factor — authenticator apps or passkeys. MFA can be required per user.
Audit logging
User and admin actions are recorded to an in-app audit log that customer admins can review at any time.
Controlled internal access
Staff access to customer data is constrained, time-limited, and fully audited.
Your data, your rules
Revoke access at any time — remove the IAM role or service principal you granted us, and we lose access immediately.
GDPR rights — see our Privacy Notice. Registered with the UK Information Commissioner's Office (ZC129144).
Need more detail?
Happy to share documentation, complete security questionnaires, or sign a Data Processing Agreement.