Data Security
This article explains how IONOS ensures the security of your data through encryption at rest and secure deletion practices.
Encryption at Rest
IONOS provides block storage encryption to help secure your data at rest. Encryption at rest refers to protecting data stored on physical storage devices. It ensures that data is encrypted when stored on disk and can only be accessed by authorized users with the correct encryption keys.
Encryption protects sensitive information from unauthorized access. It also reduces the risk of data leakage by ensuring that even if data is stolen, it remains encrypted and unusable without the appropriate keys.
IONOS implements encryption at rest for Block Storage at two levels:
Logical Volume Encryption:
All logical block storage volumes created after the feature's availability are automatically encrypted.
The encryption method used is AES-XTS 256-bit.
Each block storage volume uses a unique encryption key, ensuring that others remain secure even if one volume's security is compromised.
These unique encryption keys are securely stored and remain inaccessible even to the root user, adding an extra layer of security.
Optional Drive-Level Encryption:
This additional encryption is applied when the storage backend uses self-encrypting drives (SEDs).
Currently, SSD Premium and SSD Standard storage options benefit from this feature.
The drives employed by IONOS support AES-XTS 256-bit encryption, which is one of the strongest encryption standards available.
Encryption Key Management
The security of encryption keys is crucial to maintaining the overall security of your data. IONOS implements the following key management practices:
Key Invisibility: Encryption keys are not visible on the storage server, preventing unauthorized access.
Infrastructure-Bound Access: Drives and volumes can only be accessed within the IONOS infrastructure. This means that even if a drive was physically removed from the data center, it would remain inaccessible.
Secure Passphrase Retrieval: The storage server requires a passphrase to access a drive or volume. This passphrase can only be retrieved through a secure process:
The request must be authenticated (proving the identity of the requester).
The request must be authorized (confirming the requester has the right to access).
The request must be encrypted (protecting the passphrase during transmission).
Data Inaccessibility: The volumes and user data remain completely inaccessible without properly unlocking the drives or volumes using the correct passphrase.
Secure Deletion
Secure deletion ensures that it cannot be restored once data is deleted, even with access to the physical media.
To comprehend the secure deletion process, it's essential to understand the role of logical volume metadata:
Information Repository: Metadata is a storage location for crucial block device information, including volume names, sizes, encryption methods, unique identifiers (UUIDs), and other relevant details.
Block Mapping: Metadata functions as a block map, linking the logical volume to the underlying physical volumes (block devices).
When you initiate the deletion of a Block Storage volume, IONOS takes the following steps:
The volume is immediately flagged for deletion and inaccessible to all systems and users. The deletion can be deferred for up to 48 hours for security reasons.
IONOS guarantees that the metadata of the deleted volume is "zeroed out.":
All metadata information is securely overwritten with zeros.
The process effectively destroys the block mapping between the logical and physical volumes.
Without the block mapping provided by the metadata, retrieving user data for the specific volume becomes impossible. The metadata is a required component of the encryption key. Deleting the metadata effectively destroys the encryption key. With the encryption key destroyed, the encrypted user data can no longer be decrypted, even if it were to be recovered by any means.
Last updated