Switzerland offers some of the most developed and stringent data privacy laws in the world. Headquartered in Zurich, Switzerland, CloudSigma AG (a Swiss corporation) complies with these high standards of data protection. All client and corporate system data of CloudSigma is kept within the jurisdiction of Switzerland on machines wholly owned and controlled by CloudSigma only. Unlike many cloud computing offerings, we are able to offer the assurance to all our customers of knowing where their data is and what laws it is subject to, without ambiguity.
Data at Rest
Each virtual drive is encrypted using a unique 256bit AES-XTS key ensuring a high level of protection for all user data residing on CloudSigma physical drives. Critically, this protects against the most common form of data leakage in public clouds, through re-assigned physical data blocks. Data leakage of this type occurs when a virtual drive of one user is deleted and the same physical data space is later used in relation to a new virtual drive created by a different user. If the new drive is empty, a malicious user can lift data from the old (now deleted) virtual drive. Unlike the CloudSigma product, many public clouds currently provide no protection against this simple threat.
Data in Transit
Within the cloud peer to peer storage traffic is isolated to a private network not accessible or visible to users or their virtual machines
Each user‘s public facing IP traffic is isolated from all other users in the cloud. This prevents any user from seeing and potentially snooping on other cloud users‘ IP traffic
CloudSigma offers VLAN functionality (available for purchase on subscription) to allow users to create a completely isolated private network between their chosen virtual servers.
The CloudSigma web interface and API are only accessible via fully encrypted 128bit SSL connections. Likewise, all API calls require identification through a user’s UUID and secret API key.
CloudSigma offers a full suite of cloud security tools to enable our customers to securely conduct their computing in the cloud. These tools include two-factor authentication for web console access, IP address white lists for API access and more.