Joviam’s cloud architecture was developed from the ground up with security in mind. We use the Xen hypervisor with a proven security track record.
We operate segregated networks for command and control, storage and customer traffic. These are air-gapped networks running on different switches. For example, storage runs on InfiniBand and customer traffic runs on a secure, encrypted Ethernet network. These are not connected to prevent customer traffic from leaking into internal networks and also to secure our command and control channels.
All access to our internal network is performed over a certificate based VPN with strict access controls, and only tier 3 engineering staff have access to this network. All external communications are performed over SSL encrypted connections. Plain text passwords are never stored; Joviam encrypts and salts all credentials.
We have strict access control systems to ensure that all customer data is contained within their user account and isn’t able to be mounted by any other user.
As an infrastructure provider, we allow you to encrypt your instance storage if you require. Best of all, as you’ve performed this, Joviam employees have no knowledge of your password.
Our entire cloud infrastructure, including servers and networking, reside in Equinix Tier 3 SY3 data centre in Sydney, Australia and Equinix Tier 3 SV2 data centre in San Francisco, USA. These data centers require stringent security measures, including full registration of parties prior to access.
We also enforce our own security procedures. Only senior management and operations staff are registered for access to the data centres and internal documentation about the location and configuration of hardware. We perform police background checks on all employees, and mandate a clean criminal record before employment. We’ve also informed data centre security to contact us for confirmation before giving access to anyone claiming to be an employee.
All our racks are locked, and have strict access controls. All premises have CCTV recording, including the data centres and our corporate offices. Both are protected with biometric scanners and at least two locked doors. We also mandate all employees use full drive encryption on their workstations, use automatic security updates and are routinely audited.
Under no circumstances (ever) do we allow third party access to any of our facilities.
As a company policy, we do not mount instance partitions in storage devices. This means we cannot perform certain management services for customers, but we believe this is the only acceptable position.
When you create Linux and FreeBSD instances, root accounts must be protected with a password before in-band access with SSH can be gained. The Joviam panel also allows for the importing of public SSH keys into instances using our internal context system upon provisioning. This ensures you never have to log in with a plain text password.
Windows Server instances are unable to be accessed over the public internet with RDP until a password is set in the console. In both these cases, we are either never privy or cannot know the passwords used by partners or customers.
Our platform segregates networks, customer accounts and instances. Customers attempting unauthorized or illegal access to networks, instances or customer accounts will not be tolerated and will result in account termination. This includes interfering with, or circumventing, security measures.
These conditions are clearly defined in our Acceptable Use Policy.