At Leafcloud, we care a great deal about your privacy and the security of your data. Here you can find out all about how we go about guaranteeing data security.
Disaggregated storage and compute
Distributed cloud architecture
Full disk encryption
Data processing on Leaf sites
Data storage in a Tier-III datacenter
Leafcloud uses a distributed architecture. It consists of a core, housed in a traditional Tier-III data center, and several Leaf sites. Each site is connected to the core using a private dark-fiber connection.
Data at rest is always stored in the data center. A compute instance (VM) starts with a network-attached disk, only reading the bits needed for processing at the Leaf site and confining these to the RAM. This means data is never stored at a Leaf site and no data can be stolen from a compute instance at a Leaf site.
All volumes are encrypted by default using Linux Unified Key Setup (LUKS), a kernel-based encryption method. With this mechanism, storage data is only decrypted and encrypted on the VM instance. As a result, no data traverses the network unencrypted.
Leafcloud Leaf sites are housed at undisclosed locations. Access to Leaf sites is strictly controlled and Leaf sites contain several layers of security. These include but are not limited to:
• Multiple layers of physical access control
• CCTV surveillance
• Facility access logging
• Full disk encryption
Despite the unlikely event of unauthorized access, servers housed in Leaf sites are devoid of compromising data. Sensitive data on Leaf sites is limited to passage through RAM. This means data is never stored at a Leaf site and no data can be stolen from a compute instance at a Leaf site.
Your data is stored at our core location in a T-III data center with the following certifications:
Leafcloud uses OpenStack, which is an open-source cloud initiative and therefore both transparent and constantly being improved. With over 500 member companies and thousands of active users it is the largest open-source cloud computing platform. Our OpenStack cluster utilizes the best practices for multi-tenancy on a cluster. This includes using the KVM Hypervisor and GRE separated user networks. Our implementation partner StackHPC has years of experience building and hardening OpenStack clusters.
Leafcloud maintains strict data security standards and is audited annually to maintain ISO27001 and SOC2 certifications.