Frequently Asked Questions

Firefly's Automated Cloud Resilience platform automates your cloud with Infrastructure-as-Code and instantly recovers your environments from outages and cyberattacks, keeping your infrastructure governed, compliant, and recovery-ready.

Firefly continuously scans your entire cloud estate, across multi-cloud, Kubernetes, and SaaS, maintaining a real-time System of Record for every resource, dependency, and relationship. Firefly maps your IaC coverage status, showing exactly which assets are codified, unmanaged, or drifted, and automatically turns ungoverned resources into Infrastructure-as-Code. It continuously enforces policies, detects and remediates drift, fixes misconfigurations instantly using an AI SRE and DevOps agent, keeping your infrastructure governed, compliant, and recovery-ready. When outages or cyberattacks strike, Firefly instantly rebuilds your infrastructure with IaC.

Any cloud resource you've created — S3 buckets, EC2 instances, IAM roles, Lambda functions, Kubernetes cluster roles, and more. Firefly supports all assets across AWS, Azure, Google Cloud, Kubernetes, and any SaaS application with a Terraform provider.

Firefly supports all assets from AWS, Google Cloud, Azure, Kubernetes, and any SaaS application that has a Terraform provider.

Onboarding takes only minutes. Click “Login” to open your account. Connect at least one cloud asset, and you can begin realizing the benefits of more visibility, reliability, and control. Chat with us if you have questions or need help getting started.

We support all IaC types including Terraform, Pulumi, CloudFormation, Crossplane, and others.

Currently, we integrate with AWS, Azure, GCP, OCI and Nebius.

Unlike point solutions that only address drift, IaC orchestration, compliance, cloud governance, or disaster recovery in isolation, Firefly is the only platform that gives you a real-time System of Record, full IaC automation, continuous governance, and instant infrastructure recovery from outages and cyberattacks, all from a single platform. From the first ungoverned resource to a full cross-region failover, it's end-to-end cloud resilience.

Firefly continuously backs up your infrastructure configuration and maintains a complete history of every resource state. When an incident hits, you can rebuild full environments with all dependencies in minutes, roll back to a last-known-good state across regions, and recover with RTO < 1 hour.  All without touching a manual runbook.

CAIRS is a Gartner-recognized category for tools that rebuild full cloud infrastructure on demand, not just restore data. Firefly is recognized by Gartner as a leading CAIRS solution in the 2025 Hype Cycle for Backup & Data Protection. Unlike traditional backup tools that protect data but leave your infrastructure and dependencies unrecoverable, Firefly compresses restore time from hours to minutes using Infrastructure-as-Code, with complete environment recovery, ransomware-safe rollback, and RTO under 1 hour.

CRPM is Firefly's industry-first approach to measuring and continuously improving your ability to withstand cloud incidents. It gives you a live view of how protected and recoverable your critical assets are, with audit-ready evidence for DORA, SOC 2, and ISO compliance built in.

Firefly standardizes your entire infrastructure delivery through GitOps workflows with built-in guardrails that validate every deployment before it reaches production. Teams can provision infrastructure on demand using reusable blueprints, integrate directly into existing CI/CD pipelines, and manage Terraform, OpenTofu, Pulumi, CloudFormation, and Crossplane from a single platform, eliminating manual processes and ensuring every resource is consistently governed from day one.

Firefly continuously scans your entire cloud estate and maintains a real-time System of Record for every resource, dependency, and relationship across AWS, Azure, GCP, Kubernetes, and SaaS. It detects drift and misconfigurations the moment they happen, enforces built-in and custom policies across frameworks like SOC 2, PCI DSS, HIPAA, and ISO 27001, and uses AI agents to remediate violations automatically, from code to cloud.

All data in transit is encrypted using SSL (TLS 1.2). The entire Firefly infrastructure is gated inside a private VPC. Connections to the Firefly (Inc. Infralight Ltd) network and databases are obtained through a secured bastion server, only accessible from within the office network. Encryption between Infralight Ltd customers and the Infralight application is enabled using an authenticated SSL/TLS tunnel. Internet traffic is encrypted using high-class level certificates based on the PKI infrastructure.

Data at rest is encrypted using AES256 when such protections are deemed appropriate based on assessed risk. Processes are in place to protect encryption keys during generation, storage, use, and destruction.

All secrets are saved in HashiCorp Vault and encrypted by it.
Data is saved on ElasticSearch, which is encrypted (TLS) and SOC2 Type2 complied.
We also use AWS KMS to encrypt data from DynamoDB

Production data access is limited to SRE & production engineers and engineering leadership such as the CTO & VP of Engineering.Firefly has implemented a recertification process to help ensure that only authorized personnel have access to the production interface, servers, environments, and databases.
Users, administrators, and permissions with the different environments (servers, database, and application) are reviewed and approved by the Firefly's CTO on a quarterly basis.
Employees whose job functions have changed and therefore no longer require access to a group of user permissions will have their access disabled or modified as needed. Remote access to the production system is only accessible through a VPN (Axis Security) for authorized personnel.

To enable cloud scanning, Firefly asks for a Read-Only permission set, which allows the scanning for the configuration of cloud resources, and not their data. For example, Firefly will know about the existence of a storage bucket, but can’t read or know about the objects inside it.

To discover IaC state files (and specifically Terraform’s .tfstate files), Firefly asks for Read-Only permissions [S3:GetObject] to AWS S3 Buckets which hold “.tfstate” files.

Firefly doesn't collect any personal data, PII or any data on it's customers' customers (e.g Company's customers). Firefly has Data Protection Policy that is available in Firefly's security portal as part of SOC2 Type2 compliance, The policy reviewed and updated on an annual basis by the CTO.