IO Space

Security Statement Overview

Physical Access
Our entire cloud infrastructure, including servers and networking, resides in Tier 3 data centers in APAC and North America. These data centers require stringent security measures, including full registration of parties prior to access. We also enforce our own security procedures.

Only senior management and operations staff are registered for access to the data centers and internal documentation around the location and configuration of hardware. We perform police background checks on all employees and mandate a clean criminal record before employment. We’ve also informed data center security to contact us for confirmation before giving access to anyone claiming to be an IOI employee.

All our racks are locked and have strict access controls. All premises have CCTV recording, including the data centers and our corporate offices. Both are protected with biometric scanners and at least two locked doors. We also mandate all employees use full drive encryption on their workstations, use automatic security updates, and security requirements are routinely audited.
Under no circumstances do we allow third-party access to any of our facilities.

Logical Infrastructure
Our architecture was developed from the ground up with security in mind. We use the Xen hypervisor with a proven security track record.
We operate segregated networks for command and control, storage, and customer traffic. These are air-gapped networks running on different switches. For example, storage runs on InfiniBand and customer traffic runs on a secure, encrypted Ethernet network. These are not connected to prevent customer traffic from leaking into internal networks and also to secure our command and control channels.
All access to our internal network is performed over a certificate-based VPN with strict access controls, and only Tier 3 engineering staff has access to this network. All external communications are performed over SSL encrypted connections. Plain text passwords are never stored; IOI encrypts and salts all credentials. We have strict access control systems to ensure that all customer data is contained within their user account and that it isn’t able to be mounted by any other user. As an infrastructure provider, we allow partners to encrypt their instance storage if they require.

Access Policy
As a company policy, we do not mount instance partitions in storage devices. This means that we cannot perform certain management services for customers, but we believe that this is the only acceptable position.

When partners create Linux instances, root accounts must be protected with a password before in-band access with SSH can be gained. Windows Server instances are provisioned with temporary, high entropy pseudo-random passwords that Windows requires changing upon first successful login. In both these cases, we are either never privy or cannot know the passwords used by partners or customers. As an alternative, our administrative panel allows partners to import public SSH keys into instances using our internal context system upon provisioning. This ensures that customers never have to submit passwords to us.

Network Segregation
Our platform segregates networks, customer accounts and instances. That said, customers attempting unauthorized or illegal access to networks, instances, or customer accounts will not be tolerated and will result in account termination. This includes interfering with or circumventing security measures. These conditions are clearly defined in our Terms of Use, which all partners agree to abide by upon deployment of the platform.


Learn More About Our Creative Operations Workflow Solutions & Services and How We Can Help Improve Your Business.

Speak With An Expert