cloudHPC data security
CloudHPC data security is something we must guarantee. In a cloudHPC system like ours we often deal with massive data coming from engineers, data which can be under NDA (Non-Disclosure Agreement) between users of our platform and their clients, or protected by patent. In this situation, making sure data remain confidential and are safely stored is mandatory, and a goal we are committed to achieving every day.
Let’s now have a look at the structure of the platform and how security has been implemented considering the three phases of the cloud: local storage, data transfer and cloud storage.
Local storage is the initial stage of any cloudHPC use. In this phase all the data are present on the user's local computer and, consequently, are not available publicly on the web or to any third party. Security of your data while they are in local storage is therefore achieved simply by not sharing them anywhere else; our platform does not access your data unless you intentionally upload them to the system.
Data transfer is the process in which data are uploaded from your computer to the cloudHPC system (or downloaded from cloudHPC to your computer). This phase of cloudHPC data security is critical because a third party could observe the transfer and steal information while it is in transit. To prevent this, data encryption is enabled in this phase. Encryption means the HTTPS protocol is used, where the final "S" stands for the SSL protocol used to encrypt the data. To verify this, always make sure that the URL bar shows a small padlock icon next to the URL of our HPC system.
If you click on the padlock you can also get information about the SSL certificate used to encrypt the data, issued by a third-party certificate authority. Two different certificates are currently in use: one for the website and a second one for the remote desktop feature, which works like a separate website and therefore required a separate SSL certificate.
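The padlock in the browser is a summary of a certificate check: the certificate must be issued by a trusted authority, must still be valid, and must have been issued for the host name being visited. When uploads are scripted rather than done in a browser, that check has to be kept in the script. The following Python example is added here and is not cloudHPC's own code; the host name hpc.example.invalid, the function names and the certificate dictionaries are constructed placeholders, not values of the real service.

```python
# Added example, not cloudHPC's own code: it performs script-side the checks
# the browser's padlock summarises for an HTTPS transfer (trusted, unexpired
# certificate issued for this host name). The host name and the certificate
# dictionaries below are constructed placeholders.
import socket
import ssl

# Placeholder host name (assumption, not the real cloudHPC endpoint).
HPC_HOST = "hpc.example.invalid"


def strict_client_context() -> ssl.SSLContext:
    """TLS client settings equivalent to what a browser enforces before it
    shows the padlock: trusted issuer, matching name, modern protocol."""
    ctx = ssl.create_default_context()           # system trust store
    ctx.verify_mode = ssl.CERT_REQUIRED          # refuse untrusted/self-signed
    ctx.check_hostname = True                    # refuse certs for other names
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_peer_certificate(hostname: str, port: int = 443) -> dict:
    """Connect with the strict context and return the validated peer
    certificate in the dict form used by SSLSocket.getpeercert().
    Needs network access, so it is not exercised offline."""
    ctx = strict_client_context()
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS SAN entry; a leading '*' covers exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]                     # e.g. ".example.invalid"
        prefix = hostname[: -len(suffix)] if hostname.endswith(suffix) else None
        return bool(prefix) and "." not in prefix
    return pattern == hostname


def inspect_certificate(cert: dict, hostname: str, now: float) -> list:
    """Return the problems found; [] means the certificate is acceptable
    for `hostname` at epoch time `now`."""
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, hostname) for n in dns_names):
        problems.append("hostname-mismatch")
    if not cert.get("issuer"):
        problems.append("no-issuer")
    return problems


def issuer_organization(cert: dict) -> str:
    """Organisation name of the issuing CA, the detail shown on clicking the padlock."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


# Constructed sample certificates (same shape as getpeercert() returns).
SAMPLE_CERT = {
    "subject": ((("commonName", HPC_HOST),),),
    "issuer": ((("organizationName", "Example Root CA"),),),
    "subjectAltName": (("DNS", HPC_HOST), ("DNS", "*." + HPC_HOST)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
EXPIRED_CERT = dict(SAMPLE_CERT, notAfter="Jan  1 00:00:00 2020 GMT")

# Fixed "now" (1 Jan 2025 UTC) so the checks are reproducible offline.
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    print("issuer:", issuer_organization(SAMPLE_CERT))
    print("sample cert:", inspect_certificate(SAMPLE_CERT, HPC_HOST, NOW) or "OK")
    print("expired cert:", inspect_certificate(EXPIRED_CERT, HPC_HOST, NOW))
    print("wrong host:", inspect_certificate(SAMPLE_CERT, "other.example.invalid", NOW))
```

Against a live endpoint, `fetch_peer_certificate` already fails on an untrusted or mis-named certificate because of the strict context; `inspect_certificate` is the same reasoning made explicit so it can be run on a saved certificate or used to report why a transfer was refused. The setting an upload script must never fall back to is `verify_mode = ssl.CERT_NONE` (or the equivalent "ignore certificate errors" option of an HTTP client), since that removes exactly the protection the padlock represents.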
Once data have been transferred to the cloudHPC servers, it is important to guarantee that each user can access only their own data. This part of cloudHPC data security is achieved separately in the two parts of the process where data are stored. Generally speaking, your data are made available on the STORAGE: this is a web space dedicated only to you. This web space is separated from one user to another, and access to the data is made only through dedicated service accounts. Every user has their own service account, which has the right to access only the data in that user's web space. In this way access is restricted at two levels: the separate web space and the service account bound to it.
The second process where data are used is the actual simulation. In this phase data are transferred from the STORAGE to a dedicated virtual machine where the simulation runs. Here security and privacy are guaranteed by several measures:
- A virtual machine is always created fresh and then deleted upon user request. We never reuse the same virtual machine twice.
- Every virtual machine has access to only one service account and, consequently, to only one web space where data are stored.
- SSL data encryption is used when transferring data between the virtual machine and the STORAGE.
On top of this, users can interact with the virtual machine in two different ways:
- SSH connection, where again SSL encryption is used. An SSH connection is available only after a key that uniquely identifies the user has been registered in the profile settings.
- Remote desktop connection. As briefly mentioned before, this is like a dedicated website where again HTTPS with SSL encryption is used, preventing any third party from listening to the communications between the user and the server machine.
Certification ISO 27001
For even more security, companies often obtain ISO/IEC 27001 certification. This is an international standard on how to manage information security. Currently [October 2022] our cloudHPC platform is NOT ISO 27001 certified. We are starting the certification process but, in the current situation, we cannot give an expected completion date. Further notices on this will follow as soon as they are available.