Encryption

[Update: June 20, 2018]

Overview

Like the majority of public clouds and hosting services, SAKURA Cloud does not provide a standard encryption function that can be optimally configured for each customer's conditions. For usage that requires advanced protection (for example, handling online payment information or personal information), it may be necessary to improve safety through encryption or similar measures, using OS or application functions, to guard against eavesdropping, identity fraud, and similar threats. This section provides information that is useful when devising encryption-based countermeasures.

Warning

Our company does not provide support for the results of using these functions on resources within the customer's scope of administrative responsibility, such as servers and disks. For details, please contact the relevant vendor or developer.

This section also describes the encryption used for the control panel, API, and other components that our company provides as SAKURA Cloud functions.

About storage

The entire disk can be encrypted with LUKS, which is available in many Linux distributions. Even if data leaks through physical theft of storage, fraud involving disk image files, errors, etc., a third party who does not possess the password or other decryption key cannot read the contents of the disk.

For detailed information on LUKS, please refer to cryptsetup.
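
As an added example (not SAKURA Cloud's or cryptsetup's own code), the following Python script checks whether a disk or disk image begins with a LUKS header before it is archived or copied, and for LUKS1 reads the cipher and key length from that header. The function names and the sample header bytes are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # 6-byte magic at offset 0 of LUKS1 and LUKS2 headers

def parse_luks_header(hdr):
    """Return header facts from the first bytes of a device/image, or None if not LUKS."""
    if len(hdr) < 8 or hdr[:6] != LUKS_MAGIC:
        return None
    info = {"version": struct.unpack(">H", hdr[6:8])[0]}
    if info["version"] == 1 and len(hdr) >= 112:
        # LUKS1 fixed fields (big-endian): cipher-name[32], cipher-mode[32],
        # hash-spec[32], payload-offset in 512-byte sectors, key length in bytes.
        name, mode, hash_spec, payload, key_bytes = struct.unpack(">32s32s32sII", hdr[8:112])
        text = lambda raw: raw.split(b"\0", 1)[0].decode("ascii", "replace")
        info.update(cipher=text(name) + "-" + text(mode), hash=text(hash_spec),
                    payload_offset_sectors=payload, key_bits=key_bytes * 8)
    # LUKS2 keeps cipher details in a JSON area, so only the version is reported for it.
    return info

def unencrypted_images(paths):
    """Return the paths whose first bytes carry no LUKS header."""
    missing = []
    for path in paths:
        with open(path, "rb") as f:
            if parse_luks_header(f.read(112)) is None:
                missing.append(path)
    return missing

def sample_luks1_header():
    """Constructed sample: the first 112 bytes of a LUKS1 header (not from a real disk)."""
    return LUKS_MAGIC + struct.pack(">H32s32s32sII", 1, b"aes", b"xts-plain64",
                                    b"sha256", 4096, 64)

if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as d:
        enc, plain = os.path.join(d, "enc.img"), os.path.join(d, "plain.img")
        with open(enc, "wb") as f:
            f.write(sample_luks1_header() + b"\0" * 400)
        with open(plain, "wb") as f:
            f.write(b"\0" * 512)  # constructed stand-in for an unencrypted image
        print(parse_luks_header(sample_luks1_header()))
        print("no LUKS header:", unencrypted_images([enc, plain]))
```

A volume created with a detached header has no magic at offset 0, so it is reported as having no LUKS header even though its contents are encrypted.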

About network settings

SSH is the standard method for managing a server from a remote location. The communication route from the client application running on the remote terminal to the SSH daemon on the destination host is encrypted, so the commands being exchanged cannot be read from packets passing over the communication line. The SCP function also provides an encrypted, safe channel for transferring large files such as binary data.

A VPN uses a virtual private line to connect networks at remote sites, for example your organization's local networks and local networks on the cloud. For the VPN, all encryption functions are automatically enabled for PPTP, IPsec, and the other protocols used as standard, which makes communication possible over a safe route. However, the encryption strength varies depending on the encryption method, key length, etc., so it is safest to select the strongest encryption method available.

Server

For public servers that provide information to an unspecified number of destinations, such as web servers, encryption technology can be used to improve safety: for example, using SSL to encrypt communication with client browsers, and encrypting swap files (the area to which memory is saved) and highly confidential files. This reduces the possibility of information leakage even when unknown vulnerabilities in the virtual infrastructure are maliciously exploited or when the server is infiltrated without authorization.

Note

SSL certificates are issued through our company's Sakura SSL service.

Control panel, API

Our company uses SSL/TLS to encrypt communication with the control panel and API used to operate customer resources created on the Cloud. This prevents eavesdropping on and falsification of the communication contents.