Information security when using Servercore services
Servercore ensures the information security of its products, services, and offerings from the moment of account registration in the Control panel until the moment of account deletion.
The lifecycle of a Servercore customer as a user of services begins at the moment of creating an Account Owner account. At all stages of the customer lifecycle, support and interaction regarding their requests are provided within the scope of technical support. We will automatically delete customer data:
- when deleting account owners;
- or when services provided to the customer are disabled due to non-payment.
The owners of data are the customers of Servercore services. Servercore does not have default access to information that customers post and store in information systems created based on Servercore products, services, and offerings. Servercore is not responsible for the security of such information. However, Servercore may notify the customer of an incident within our area of responsibility if, in Servercore's opinion, such an incident could have affected the customer, their information systems, and the information processed by them.
Servercore pays close attention to the access management procedures for its employees and contractors. This helps minimize information security risks: accumulation of excessive privileges, unauthorized access, and misuse of Servercore or customer information assets.
Servercore procedures guarantee that only authorized employees or contractor representatives receive access to Servercore resources. Access is granted based on the principle of least privilege required for job duties or contractual obligations.
All employees sign a non-disclosure agreement and undergo regular training and awareness building in the field of information security.
Personal data
Servercore maintains the confidentiality of the personal data you provide when you create an account in the Control panel and provides it in any available form upon your request.
We may print your personal data to comply with legal requirements or upon your request, for example, to prepare paper copies of contracts and acts between us.
Account and its compromise
If you have trouble accessing your account, you can restore access to the account.
If the account has been compromised or you suspect a compromise:
- change your password and email address;
- terminate all active sessions;
- check the user list for accuracy and pay special attention to service users. The list of users can be viewed by the Account Owner and a user with the
iam.adminrole in the Control panel: in the top menu, click IAM → Users or Service Users section. Learn more about roles in the Access management in Servercore products guide.
Access management
The access of other users to Servercore services, products, and offerings is managed by the Account Owner.
User access rights are separated through user roles, which define access within each user type.
Learn more about access management in the Access Separation section.
Use of services
Information about the use of Servercore services, products, and offerings is confidential. Access to this information is strictly regulated, and only secure communication channels are used for transmission.
Virtualization security
Servercore ensures the security of virtualization technologies against unauthorized access to information and data leaks. To this end, vulnerability management, antivirus protection, and access control technologies and tools are applied at the management infrastructure and virtualization system level, including privileged user activity monitoring and protection against network attacks.
Customer infrastructure isolation
Every Servercore customer's infrastructure is isolated on several levels:
- control panel level;
- infrastructure level.
Infrastructure objects are created, modified, and deleted by platform tools. Computing resources allocated for such objects are reserved for the customer and are not used in infrastructures belonging to other customers. Depending on the specifics of the service, product, or offering, isolation is performed at the physical or logical level. Virtual resources are isolated at the virtualization environment level, while dedicated server resources are isolated at the hardware and network level.
Temporary file deletion
Temporary files processed by Servercore infrastructure objects do not contain personal data. Upon completion of work with an infrastructure object, temporary files are automatically deleted by platform components.
The deletion of temporary files created and stored in Servercore products, services, and offerings when you use them is your responsibility.
Use of cryptographic protection tools
Servercore infrastructure objects interact via secure protocols with authentication using digital certificates. For security during data transmission, users connect to the Control panel and API via reliable protocols.
For additional data security, use your own cryptographic protection tools.
Security during service development
When developing services, we:
- analyze the security of the designed architecture and the specifics of the solutions used;
- implement security requirements, policies, and industry best security practices at every stage of the development lifecycle;
- test the implementation of security requirements formed at the stage of building the service architecture or when changes are made to it;
- conduct training and regularly improve the qualifications of employees in the field of information security in their specific areas of activity.
Vulnerability management
We regularly analyze the security of the infrastructure of our products, services, and offerings: we conduct internal and external scanning and penetration tests. This allows us to detect vulnerabilities and resolve them faster.
Learn more about the division of responsibilities regarding information security between us and the customer, as well as the security measures applied, on the Security page on servercore.com.
Notifications about changes, vulnerabilities, and incidents
Information about service availability and the technical maintenance schedule is displayed in the status panel.
Additionally, you can configure account notifications in the Control panel. They notify you about maintenance, changes, failures, and vulnerabilities that may affect infrastructure availability and security.
To ensure that potential consequences of information security breaches are minimized, Servercore has organized an information security incident management process, which includes:
- analysis of monitoring system events, as well as reports from employees, customers, and regulatory authorities;
- identification of IS incidents and analysis of the causes of their occurrence;
- response to IS incidents;
- prevention of incident recurrence.
Customers can report IS incidents through a ticket.
Further work on the incident will depend on whose area of responsibility it falls into.
If the incident is in Servercore's area of responsibility and can cause damage to the infrastructure, we will respond to it independently. If necessary, we will provide information about the incident if it has affected you. We will do this via ticket or account notifications.
If the incident is your responsibility, you must respond to it yourself. Where possible, we will assist you in gathering information about the incident as part of technical support.
In the event of an incident involving unauthorized access to personal data or the means used to process it that could lead to the loss, disclosure, or alteration of personal data, we immediately notify all customers who may be affected. We will do this via a ticket or account notifications.
Information labeling
Servercore does not provide information labeling services. The necessity and methods of labeling information, as well as responsibility for the security of data placed in Servercore products, services, and offerings, are your area of responsibility.
Use of utilities capable of bypassing security procedures
When working with Servercore products, services, and offerings, it is prohibited to use programs that may bypass security procedures or create abnormal load on products, services, and offerings. If you use such programs to analyze the security of your systems, you can coordinate their use via a ticket.
We prohibit the use of our products, services, and offerings for malicious activity: distributing malware, distributing software or other data in violation of intellectual property rights, cyberattacks, etc.
Deletion of customer data
You can delete your account and the data stored on Servercore infrastructure yourself at any time.
If you decide to opt out of products, services, or offerings or fail to pay for them on time, we will automatically destroy all data stored in the Servercore infrastructure within the time frame established by the "Terms of Use for Specific Services" document for the specific product, service, or offering. These can be viewed on the Documents page on servercore.com.
The terms and conditions for deleting our customers' personal data are defined in the Policy on the Processing and Protection of Personal Data document.
Intellectual property rights infringement
If you suspect an infringement of intellectual property rights, report it in a ticket. We will process your request within the scope of our information security incident management process.
Documents
View the terms of contracts for individuals and legal entities, as well as appendices to contracts, on the Legal Information page on servercore.com.
For every document, we maintain a history of changes from the moment of creation. You can request previous versions of documents from us for review.