About Security

Built from the beginning to be secure

Teevity is a read-only system : we are only collecting 'cost and usage data' to provide you with analytics and management features. We never take actions on your behalf.

That's why we only need read-only access to the cloud accounts you chose to monitor. For instance, you can use an Amazon IAM user account with limited rights or a Google AppEngine user account with the Viewer role which has read-only access to your application adminstration console.

Unfortunately, to this date, not all Cloud/Saas providers implement read-only access or, even better, API access to the cost and usage information.

How security works in our system we are split accross two datacenters and accross two cloud providers

In order to regularly snapshot the state of your current 'cloud spendings', we need to connect to the portals/API of the Cloud providers you use.

This requires various forms of accesskey, username and passwords (read-only most of the time) that we sometimes have to store, depending on the security technology used by the Cloud providers (not everybody is using OAuth).

In order to guarantee the maximum security for your data, our system is split in three parts :
 - The one you get in touch with, our API and web application which displays the information you are interested in
 - The one which is doing the 'cost fetching' work
 - The one which is our secure, encrypted locker for your sensitive data.

Only the first one is reachable from the Internet. The others are completely locked out, even from us. Because they are autonomous and never need to be reached out from the Web (they work on a write-only and CRON basis).

Don't want to share your keys ? Especially for clouds that don't have support for read-only credentials ?

You can run the Teeviy 'cost fetching agent' under your own control. The rest of the system keeps running as a shared SaaS system and you still use our web site and API to get access to your cost data.

So you get the best of both worlds : no keys to share and a solution which is still SaaS based.

We currently support running the cost-fetching agent inside your own AWS cloud, and it's dead-simple to setup : you just have to execute a CloudFormation that will deploy the agent inside one of your AWS accounts. It will then run regularly to do its cost fetching work and push the collected data to our servers.

Get in touch with us for more information and for how to set things up (sales@teevity.com).