SERVICE OVERVIEW Security & Compliance Platform Features and Philosophy

Post on 17-Jul-2020


© 2018 Packet Host Inc. PAGE 1 www.packet.net

Private Deployments Overview Deploy Custom Infrastructure Globally with Packet

SERVICE OVERVIEW

Security & Compliance Platform Features and Philosophy


Your Security is our Obsession

Worried about your data or applications in the cloud? We’re right there with you!

We’ve been building internet infrastructure for long enough to know security is more than just a list of features: it’s a mindset based upon a zero-trust philosophy.

Here are some of the ways that influences our product:

• We invest in single tenancy wherever possible.

• We expose hardware security features like TPM.

• We obsess over firmware. Seriously, it’s a big deal.

• We build platform features that encourage best practices.

• We protect your data like it is our own.

As you might guess, we spend a lot of our time working with hardware vendors to ensure that layer is as secure as possible, but we also track and support software approaches that help make security easier for our users up the stack.


A Private Estate with No Neighbors

No one likes nosy (or noisy!) neighbors peeking over the fence, watching your comings and goings during the day or stopping by with cookies to get a peek inside your house.

At Packet, we deploy 100% dedicated servers for each instance. This ensures isolation without relying on a shared hypervisor for protection.

Eliminating multiple customers on a single server not only lowers the risks of sidecard injection and similar attack modes, but also maximizes performance. Bonus!

Having a private estate is fantastic, but that doesn’t mean security is guaranteed. That’s why we layer on platform features to help you provision, access and manage your infrastructure safely:

• Doorman Customer VPN

• SSH Access Required

• Two Factor Authentication

• Air Gapped Installs


Only Real People Welcome Here

Security is more than simply protecting the hardware and facilities.

Properly vetting customers during registration is the first step in protecting our entire system. We take the time to verify the identity of all new registrants, which protects not only that company but also our existing customer base by not allowing hackers past our front lines.

In addition, we recommend customers activate 2-factor authentication as passwords do tend to have the ability to walk away on their own.


A Cloud Native Network Topology

Isolation at the network layer encourages both performance and security. Most provider networks rely on a shared Layer 2 overlay, which can get both complex and slow. At Packet, we build with a pure Layer 3 topology to ensure the highest levels of performance and security.

Here’s how it works: each server is connected directly (i.e. fully routed) to a top of rack switch. No shared overlay! That’s why you can achieve line rate performance from the NICs on each server you provision. We also provide each project with its own private IP space, so you can securely share traffic across racks (and even datacenters).

For Layer 2 functionality, we encapsulate packets using VXLAN on top of Layer 3. This provides a highly scalable and secure overlay without the complexity that comes with many network designs at scale.


Stop Right There - Access Denied!

We leverage facilities that meet or exceed industry standards for security and redundancy.

While we don’t build data centers, we do co-locate in the best of the best. Like any discerning customer, we rely on national and international certifications when choosing our facilities partners, such as:

• SSAE16 SOC-1 Type II

• SOC-2 Type II

• HIPAA

• HITECH

• PCI DSS 3.0

• ISO 27001

• ISO 22301

• ITIL v3

While physical security at the data center is only part of the equation, it’s a critical one!


Compliance and Certification

Data privacy and security of all sensitive customer data is the foundation upon which our security philosophy is built.

To fulfill this requirement we are actively following the newly released EU General Data Protection Regulation (GDPR) and SOC 2 compliance rules for storing customer data in the cloud.

SOC 2 requires us to establish and follow strict security policies and procedures with respect to your data including:

• Continuous Security Monitoring

• Alert Activity System

• Detailed Audit Trails

• Actionable Forensics

GDPR enables EU customers to have complete knowledge of how their data is used as well as the ability to manage that data within a company’s records.


Common Questions

Why does Packet remove root passwords after 24 hours?

Packet requires all server access for customers to use SSH connections for encrypted access to the machine. Accessing a Linux machine with a root password can open the server to a variety of malicious attacks, as applications run as root can modify critical system information.

What hypervisor does Packet use?

Packet does not implement virtualization on our hardware, so no hypervisor is needed. Each customer is given a fully dedicated server by Packet, and can add their virtualization flavor of choice (or not) as desired.

What Virtual Private Networks (VPN) does Packet run?

Packet uses two VPN tools for connections between the customer and their servers and between servers within the Packet cloud. Doorman is a VPN service that helps to secure traffic between you and your servers for management purposes, and WireGuard focuses on providing a secure connection between parties over a network interface encrypted with public key authentication.

Is Packet SOC 2 compliant?

Yes, Packet is SOC 2 compliant. The Service Organization Control reporting framework requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of customer data.

Does Packet follow the new GDPR policy?

Yes, Packet is following the EU GDPR policy. The General Data Protection Regulation is an overhaul of the data protection laws protecting all individuals living in the European Union. Packet is complying with these regulations for all citizens of the EU.


About Packet

Founded in 2014 and based in New York City, Packet has quickly become the provider of choice for leading enterprises, SaaS companies and software innovators. In addition to its global public cloud, Packet’s unique “Private Deployment” model enables companies to automate their own infrastructure in facilities all over the world. Packet is a proud member of the Open19 Foundation, as well as the Cloud Native Computing Foundation (CNCF), where it donates and manages the CNCF Community Infrastructure Lab. Additionally, Packet supports many open source projects, including Memcached.org, NixOS, Docker and Kernel.org.

Phone 1-212-933-9785 Email [email protected] www.packet.com

The Promise of the Cloud, Delivered on Bare Metal

Packet is the leading bare metal cloud for developers. Its proprietary technology automates physical servers and networks without the use of virtualization or multi-tenancy – powering over 60k deployments each month in its global datacenters.