Access Review: Vanta Integration

Vanta is a security and compliance tool that helps companies achieve compliance with SOC 2, ISO 27001, and other security standards. Vanta provides a platform that helps companies prepare for audits by automating the collection of evidence and providing guidance on how to improve security practices.

Cloudback integrates with Vanta to provide a seamless experience for customers who use both services. This document explains how to set up the integration and what data is shared between Cloudback and Vanta.

Setting up the Integration

To set up the integration between Cloudback and Vanta, follow these steps:

• Log in to Vanta, and navigate to the Integrations page.

• Locate "Cloudback" in the list, click "Connect," then select "Connect to Cloudback".

• Follow the installation instructions. You will be redirected to Cloudback to log in and authorize the integration.

• Once the installation is complete, you will be redirected back to Vanta. Cloudback will now be connected and users automatically uploaded to Vanta.

Data Shared with Vanta

The Cloudback-Vanta integration automatically syncs user data between Cloudback and Vanta. Cloudback sends a list of users to Vanta, including their email addresses. The list takes into account all users who have access to Cloudback based on the GitHub application installations. For example, if you have 3 different GitHub organizations connected to Cloudback, Vanta will receive a list of owners from all 3 organizations.

Cloudback shares the following user data with Vanta:

• Account: GitHub account name

• Email address: The email address associated with the GitHub account

• User role: By design, only GitHub organization owners have access to Cloudback. Therefore, all users shared with Vanta are organization owners.

All the data is shared immediately after the integration is enabled, and every 24 hours to ensure that Vanta has the most up-to-date information about Cloudback users. If something goes wrong during the data sync, Cloudback will automatically disable the integration. The integration can be re-enabled by following the steps outlined in the "Setting up the Integration" section. You can check the reason for the integration failure in the audit log.

Audit Log

Cloudback records all user actions in an audit log. The audit log also captures all actions related to the Vanta integration, including when the integration was enabled, disabled, or updated. The audit log is available to all Cloudback users. To locate the audit log records related to the Vanta integration, filter the log by the "Vanta Integration" action type.

Disabling the Integration

To disable the Cloudback-Vanta integration, follow these steps:

• Log in to Vanta, and navigate to the Integrations page.

• Locate "Cloudback" in the list, click "Manage" then select "Delete".

• Confirm the deletion by clicking "Delete credential and data" in the confirmation dialog.

Cloudback will automatically stop sharing user data with Vanta once the integration is disabled, no further action is required.

Learn more

• Vanta Partners

• Cloudback on Vanta partners page

• Audit Log