Data Security

At Leafcloud, we care a great deal about your privacy and the security of your data. Here you can find out all about how we go about guaranteeing data security.

Disaggregated storage and compute

Distributed cloud architecture

Full disk encryption

Data processing on Leaf sites

Data storage in a Tier-III datacenter

Software

ISO 27001

Distributed cloud architecture

Leafcloud uses a distributed architecture. It consists of a core, housed in a traditional Tier-III data center, and several Leaf sites. Each site is connected to the core using a private dark-fiber connection.

Disaggregated storage and compute

Data at rest is always stored in the data center. A compute instance (VM) starts with a network-attached disk, only reading the bits needed for processing at the Leaf site and confining these to the RAM. This means data is never stored at a Leaf site and no data can be stolen from a compute instance at a Leaf site.

Full disk encryption with LUKS

All volumes are encrypted by default using Linux Unified Key Setup (LUKS), a kernel-based encryption method. With this mechanism, storage data is only decrypted and encrypted on the VM instance. As a result, no data traverses the network unencrypted.

Secure data processing at our Leaf sites

Leafcloud Leaf sites are housed at undisclosed locations. Access to Leaf sites is strictly controlled and Leaf sites contain several layers of security. These include but are not limited to:

• Multiple layers of physical access control
• CCTV surveillance
• Facility access logging
• Full disk encryption

Despite the unlikely event of unauthorized access, servers housed in Leaf sites are devoid of compromising data. Sensitive data on Leaf sites is limited to passage through RAM. This means data is never stored at a Leaf site and no data can be stolen from a compute instance at a Leaf site.

Secure storage at our Core

Your data is stored at our core location in a T-III data center with the following certifications:

Software

Leafcloud uses OpenStack, which is an open-source cloud initiative and therefore both transparent and constantly being improved. With over 500 member companies and thousands of active users it is the largest open-source cloud computing platform. Our OpenStack cluster utilizes the best practices for multi-tenancy on a cluster. This includes using the KVM Hypervisor and GRE separated user networks. Our implementation partner StackHPC has years of experience building and hardening OpenStack clusters.

Certifications

Leafcloud maintains strict data security standards and is audited annually to maintain ISO27001 and SOC2 certifications.

For additional information, contact us at hello@leaf.cloud