Physical Security

As critical as the security of software is the physical security of the equipment which holds a cloud user’s data. Without real physical security, measures taken in software to secure a cloud user’s data are meaningless.
 

CloudSigma’s chosen data center in Zurich, Switzerland is shared with a number of financial institutions requiring the highest levels of security for their data housing. The Interxion data center in which CloudSigma is hosted boasts a multi-layered security system. Additionally all CloudSigma servers are stored in separate secured areas within the data center only accessible by authorized CloudSigma employees.
 

Our chosen data center also has advanced latest generation fire, water and electrical systems ensuring the physical security and availability of our servers.
Read more about the physical infrastructure and systems protecting our cloud.

Information Security 

Switzerland offers some of the most developed and stringent data privacy laws in the world. Headquartered in Zurich, Switzerland, CloudSigma AG (a Swiss corporation) complies with these high standards of data protection. All client and corporate system data of CloudSigma is kept within the jurisdiction of Switzerland on machines wholly owned and controlled by CloudSigma only. Unlike many cloud computing offerings, we are able to offer the assurance to all our customers of knowing where their data is and what laws it is subject to, without ambiguity.
 

Please read the full CloudSigma privacy policy and blog posts on network security in the cloud and securing access to the cloud.
 

Data at Rest

Each virtual drive is encrypted using a unique 256bit AES-XTS key ensuring a high level of protection for all user data residing on CloudSigma physical drives. Critically, this protects against the most common form of data leakage in public clouds, through re-assigned physical data blocks. Data leakage of this type occurs when a virtual drive of one user is deleted and the same physical data space is later used in relation to a new virtual drive created by a different user. If the new drive is empty, a malicious user can lift data from the old (now deleted) virtual drive. Unlike the CloudSigma product, many public clouds currently provide no protection against this simple threat.
 

Data in Transit

Within the cloud peer to peer storage traffic is isolated to a private network not accessible or visible to users or their virtual machines

Each user‘s public facing IP traffic is isolated from all other users in the cloud. This prevents any user from seeing and potentially snooping on other cloud users‘ IP traffic

CloudSigma offers VLAN functionality (available for purchase on subscription) to allow users to create a completely isolated private network between their chosen virtual servers.
 

Administrative Interface

The CloudSigma web interface and API are only accessible via fully encrypted 128bit SSL connections. Likewise, all API calls require identification through a user’s UUID and secret API key.

CloudSigma offers a full suite of cloud security tools to enable our customers to securely conduct their computing in the cloud. These tools include two-factor authentication for web console access, IP address white lists for API access and more.

Virtual Servers

Virtual servers on the CloudSigma cloud need to be secured in the same way as any public facing physical server would be. All users have full control of the software level of their virtual servers and it is therefore their responsibility to ensure that they are secured correctly. We recommend all users adopt best practice techniques to ensure the integrity of their virtual servers. This includes but is not limited to:

• Choosing secure randomly generated root and other passwords
• Regular resetting of all passwords
• Correct configuration of software and operating systems
• Frequent maintenance of all software and operating systems for security updates

By applying the above rules of thumb, virtual server instances can be kept more secure and less vulnerable to compromise and attack.