Why InMotion Hosting Chose a Privacy First Architecture

Protecting User Data in the Era of Public Clouds

Personal information is more valuable and more under siege than ever before. 

Public clouds, governments, private companies, and organizations of all sizes possess and lose more personal data than at any time in history. 

Unfortunately, turning over some degree of personal information is unavoidable in the modern digital economy. 

Some governments have attempted to legislate privacy, but it may take years before legacy public cloud and technology providers can update their infrastructure and their software to accommodate better privacy.

InMotion Hosting has taken a different approach in building a whole new cloud platform.

What Does “Privacy First” Mean?

Privacy should be a relatively simple thing to define. But these days privacy seems to be a slippery concept.

InMotion Hosting believes that privacy means:

  • Giving you control over your data 
  • Providing you the tools and know-how to manage the safety and security of that data 

We understand that you cannot comfortably assert your privacy standards if your hosting provider or cloud operator can easily access the underlying hardware or servers that house your data. 

HTTPS and other in-transit technologies can help secure your data from onlookers or middle persons, but what can you do when the threat comes from the inside?

Flex Metal Cloud: Privacy First in Practical Terms

There are several measures InMotion Hosting takes to help provide a safer, more private environment for Flex Metal Cloud users from the ground up. 

These measures build on top of our existing industry-standard security measures and policies.

Dedicated Control Planes

A minimum set of services is required to operate a cloud infrastructure. These services are commonly called the control plane.

Public clouds generally use a single instance of these control plane services to power public clouds hosting dozens, hundreds, or even thousands of separate unique users and their data. 

This can mean that your data—or data about your individual cloud usage—runs through the same systems and services as other customers’ information. These control planes can also provide a single attack surface for malicious actors to target customers’ data.

Cloud providers do put in a great deal of work to reduce this risk. 

OpenStack’s control plane services do not house any customer data and are generally recognized as a leading example of how to design cloud services with privacy as the driver. 

But even the chance of sharing data or services with other users can be too much of a risk for service providers who must take the utmost care with their users’ data—especially if that care is legally mandated. 

Each Flex Metal Cloud has its own fully isolated and private control plane. You can rest assured that no other user’s data will ever be intermingled with your Flex Metal Cloud in any way.

Pre-configured Industry-Standard Security Models

Too many hacks and data breaches happened because someone did not properly configure the Access Control Lists or Role-Based Access Controls for a storage bucket or cloud system. Thus, sensitive, personally identifying information was publicly accessible. 

InMotion Hosting has designed Flex Metal Cloud’s security model to start with a complete set of access controls that secure your data against all external access by default. 

You dictate explicitly what traffic your cloud network will allow for each individual host. 

We use OpenStack’s powerful management features to provide a full arsenal of security rules and access controls, and to educate you on how to secure access to your workloads and applications while ensuring your users can conveniently make use of your Flex Metal Cloud.

Support Only Has Access When You Say So

Once your Flex Metal Cloud has been provisioned, your cloud is yours and yours alone. Our experienced team of systems admins is available to help you, but only when you say so.

The Flex Metal Cloud platform gives you full control over when we can access your cluster hardware. Unlike other providers, where virtually any team member can access your infrastructure (i.e. your data), we only have access for as long as you grant it.

Open Source Software

Flex Metal Cloud is built on open source technologies like Ceph, OpenStack, Docker, and Ansible. 

Open source software, by its very openness, can be more trustworthy and secure than closed source proprietary solutions.

Healthy open source projects like Ceph and OpenStack have entire communities of security and software experts scrutinizing code as it is submitted for inclusion. 

Open source software projects are also much more accountable to their members than giant, monolithic closed source platforms.

Network Security

InMotion Hosting segregates cluster traffic at the networking level. 

Each Flex Metal Cloud has its own set of entirely private virtual networks for its network traffic. 

Other cloud providers route traffic through the same network or otherwise co-mingle customer traffic to save on their costs. 

Private virtual networks and network segregation, especially when combined with other technologies like HTTPS/TLS, mean you can rest assured that your traffic is protected from snoopers or potentially malicious actors on the same physical network.

Dedicated Cloud Storage

Many cloud hosting providers use a single large shared pool of cloud storage to provide the disk space for the virtual machines they sell to their users. 

This means that your data at such a provider would live on the same physical disks and servers as other customers’ data. 

Now, those providers probably do take care to protect their users’ data somewhat, but this kind of closeness and intermingling can be uncomfortable for users who have been entrusted with extremely sensitive information about their own end-users. 

These providers intermingle data because it is cheaper and simpler for them to operate a large shared pool of cloud storage.

Thanks to advancements in storage technology and software, however, Flex Metal Cloud can provide extremely cost-effective, high-capacity, entirely private dedicated cloud storage using Ceph. 

Your Flex Metal Cloud has its own Ceph cluster that is for your cloud and your data only. Your data is entirely isolated to your own cloud while still being low-cost, highly-available, and highly-redundant.

Reclaim Your Data in the Private Cloud

We designed and built Flex Metal Cloud to help both cloud-experienced users and those new to the cloud build a better, safer Internet for their own end-users, just as we have for our traditional hosting users throughout our history.

We hope you will consider joining us in our mission as we seek to improve and grow OpenStack and Ceph into the next major cloud platform.
