FAQ

No. VikingCloud is fully agentless. We connect to your cloud providers using read-only API credentials and scan externally. Your VMs are never stopped, accessed, or modified — VM scanning uses ephemeral snapshots that auto-clean after the scan completes.

Honestly: we're a small, focused company, not a Wiz clone. Wiz and Orca have engineering teams in the hundreds, years of enterprise refinement, and capabilities we don't yet offer (deep DSPM, runtime sensors, mature partner ecosystems, 24/7 enterprise support). What we do offer is the core CNAPP capabilities most security teams actually use day-to-day — asset inventory, configuration checks, vulnerability scanning, attack-path analysis, compliance evidence — at a public, predictable price, with self-serve onboarding and no sales gating. If you need the most polished enterprise CNAPP on the market with a 24/7 SLA, the giants are worth what they charge. If you want core cloud security at a price that makes sense for a small or mid-sized team, that's the gap we're built to fill.

Yes. Basic, Starter, and Pro give you the full platform — the only thing that scales is the cloud-account count. Enterprise adds org-level scanning, SAML SSO, and a dedicated support channel — capabilities that genuinely require enterprise plumbing, not paywalls on basic features.

The Posture page produces per-control pass/fail evidence with timestamps, exportable for auditors. 10 frameworks ship live today (CIS, SOC 2, ISO 27001, HIPAA, PCI 4.0, NIST CSF 2.0, NIST 800-53 R5). We add more frameworks based on customer demand — if there's a specific framework you need (FedRAMP, ISMAP, DORA, NIS2, CMMC, anything else), let us know and we'll prioritize it on the roadmap.

Connect read-only credentials → first scan completes in under 30 minutes for most environments → AI briefing summarizes findings → curated issues are ranked and ready to assign. No DevOps tickets, no Terraform PRs, no 6-week onboarding.

Yes. 14 days, full platform, all cloud providers. Self-serve from sign-up to scan results — never touch a calendar invite.

A cloud account is one billable unit. Today that's one AWS Account (12-digit Account ID), one GCP Project, one Azure Subscription, or one Kubernetes Cluster — and we add support for additional providers as the roadmap moves forward. For example, if you have 1 AWS account and 1 GCP project, that counts as 2 cloud accounts → Starter tier covers it. Larger footprints scale into Pro, and Organization-level scanning across AWS Organizations, GCP Folders, or Azure Management Groups is reserved for Enterprise — contact us for a quote.

All cloud credentials are encrypted at rest using industry-standard authenticated encryption before being stored. Encryption keys are managed separately and are never stored alongside your credentials. Credentials are only decrypted in memory during active scans and are never logged or exposed. You can revoke and delete your credentials at any time from the Connections settings page.