CITRICLOUD — Building Digital Experiences

CITRICLOUD

Security

SOC2-minded defaults so every public endpoint inherits strong controls.

Padlock on a keyboard representing digital security

Security at the edge

Identity and controls travel with every public hostname — not bolted on after deploy.

Identity

Authelia 2FA for operators and Keycloak for federation — auth is part of the edge, not an afterthought.

Edge controls

Traefik middleware chains apply WAF, HSTS, rate limits, and forward-auth to public hostnames.

Isolation

Tenant workloads are namespaced with network boundaries and least-privilege defaults.

Change integrity

GitOps delivery keeps production changes reviewable, attributable, and reversible.

Control inventory

Infrastructure and production systems

Hardened infrastructure

Isolated workloads, reviewable GitOps changes, and hardened ingress on every public surface.

  • Authelia 2FA on sensitive surfaces
  • Keycloak identity federation
  • Traefik WAF + HSTS middleware chains
  • TLS everywhere with automated certificates
  • Network isolation for tenant workloads
  • Audit-friendly GitOps change history
  • Rate limiting on auth and public APIs
  • Status and incident communication paths

Work with us on security

Report a vulnerability

Email admin@citricloud.com with subject Security. Include impact and repro steps.

Questionnaires

Send security questionnaires via Contact — we map them to platform controls.

Enterprise reviews

Architecture reviews cover SSO, residency, and edge posture for Scale customers.