Security
We are committed to the security of our infrastructure and our users' data. Every component of our infrastructure has been designed to give you the foundation to build secure systems and applications to meet your needs.
Shared Security Model
Security is up to all of us.
Security is a shared responsibility at Linode, now Akamai. We control the physical hosts up to the hypervisor and can offer a high level of physical and environmental security with both our compute and storage offerings. You're responsible for making sure your Linode’s installed applications and code are securely configured and patched. By following best practices, you can build environments to meet the exacting standards required by HIPAA, PCI-DSS, GDPR, and your customers.
Vulnerability Management
Find, fix, repeat.
Linode is constantly scanning our networks and systems supporting your Linodes to ensure that systems under our control are configured correctly and are up-to-date with patches. Here's what we currently do to protect the infrastructure:
- Linode has partnered with HackerOne to operate a bug bounty and disclosure program. We happily pay security researchers who find and document vulnerabilities in our applications.
- We scan the hosts that support our Linodes for security vulnerabilities regularly.
- We perform penetration tests on the hosts that support our Linodes on an annual basis.
- We perform regular application testing on the applications that you use to start and configure your Linodes.
Please report any security vulnerabilities via our disclosure program, which outlines how you can contact our security team.
Physical Security and Networking
Keeping our systems safe and the lights on is a full-time job. Here's how we do it:
Each of our data centers has extensive physical, environmental, and network capabilities in place:
- Access to the data center floor is restricted to data center employees and authorized visitors.
- Data centers are staffed 24/7/365 with security guards and technicians.
- All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.
- HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
- All of Linode's systems are segregated from other tenants by locking cabinets. Only data center staff assigned to supporting Linode systems have access to the keys.
- Multiple Internet carriers use independent fiber connections to the data center floor.
- Our networks within the data centers have redundant routers, switches, and service providers. Multiple systems can fail without causing downtime or affecting performance.
Certifications
Akamai's cloud computing services (Linode) are certified for ISO 27001, ISO 27701, ISO 27017, ISO 27018, SOC 2 Type 1, and HIPAA. The data centers listed below have the following certifications:
Atlanta
- SOC 1 Type 2
- SOC 2 Type 2
- HIPAA
- PCI DSS
Dallas
- SOC 2 Type 2
- SOC 3
Frankfurt
- ISO/IEC 27001:2013
- PCI DSS
Fremont
- SOC 2 Type 2
London
- ISO 14001:2015
- ISO 22301:2012
- ISO/IEC 27001:2013
- ISO 50001:2011
- ISO 9001:2015
- OHSAS 18001:2007
- PCI DSS
- SOC 1
- SOC 2 Type 2
Mumbai
- ISO 27001
- ISO 9001
Newark
- SOC 1 Type 2
- SOC 2 Type 2
- HIPAA/HITECH Type 1
- PCI DSS
Singapore
- ISO/IEC 27001:2013
- PCI DSS
Sydney
- SOC 1 Type 2
- SOC 2 Type 2
- PCI DSS
- ISO/IEC 27001:2013
Tokyo
- SOC 1 Type 2
- ISO/IEC 27001:2013
Toronto
- ISO 27001
- SOC 1
- SOC 2
- PCI DSS v3.s
- NIST 800-53
Compliance
Linode’s compliance information can be found here.
Recommendations
Linode recommends that you perform basic hardening on your Linodes.
For some guidance on how to harden your systems, start here:
For more advanced security guidance, we recommend following an industry accepted hardening standard. The two most accepted are the Center for Internet Security Benchmarks and the Defense Information Systems Agency's Security Technical Implementation Guides (DISA STIG).
Both the CIS Benchmarks and DISA STIGs include hardening guidance on operating systems and common applications. Following these guidelines goes far toward reducing the risk of compromise of your systems and infrastructure.