Block Storage security specifications

Objective

In addition to the responsibility model for Public Cloud Block Storage, this security fact sheets aims at describing security features and functions associated to the service. It also describes best practices that customers can adopt to secure their Block Storage volumes based on OpenStack technology.

1. Certifications

ISO/IEC 27001
ISO/IEC 27701
ISO/IEC 27017
ISO/IEC 27018
HDS
SOC 1 type II
SOC 2 type II
CSA type II
C5 type II

2. Recommendations once the service is delivered

Once you have subscribed to an Public Cloud Instance service, you can add your Block storage volumes. You can manage users' rights through the Users & Roles section in the OVHcloud Control Panel by following this guide.

3. Service Level Agreement (SLA)

The SLA varies between 99.999% and 99.5% and differs between offers and ranges. Please refer to the specific terms and conditions of service for more details.

4. Backups

You must implement an additional backup device based on customer tools or options offered by OVHcloud such as a second server, Additional IP, etc.

Option	Granularity	RPO	RTO	Documentation
Volume backup	The Block Storage volume	Depends on the date of the last backup and how long it takes to resolve the case	Depends on the volume size	Creating a volume backup

5. Logs

Source	Content	Documentation
Control Panel	Logs of interactions made by admin, technical or billing contacts in the Control Panel and services they have access to, using API calls.	- https://eu.api.ovh.com/console/#/me (see `/me/api/logs`) - List of API calls done with your account - List of API calls done on services you have access to - Get your audit logs

6. API

Name	Capacity	Documentation
Control Panel and service	Manage customer accounts and services on which each account has access rights.	Managing volumes using the OpenStack API

7. Accounts - User

7.1 Control plane

Using your customer account via the OVHcloud Control Panel, you are able to manage your service using three different contacts.
OVHcloud uses another account with an internal ID to refer a customer having subscribed to several services.

To enforce security access to your account on the Control Panel, we recommend activating a two-factor authentication mechanism or SSO (Single Sign-On) authentication.

7.2 Data plane

Once you get your credentials, you are autonomous to create user accounts on your OS and applications you've installed.

8. Features and options available at service delivery

8.1 HDS option

The HDS option can be activated on the service.
The subscription to the Business support level is mandatory, at least to maintain necessary requirements.

9. Reversibility

To ensure reversibility on the service, you may follow the specific reversibility policy to import and export your data in complete autonomy.

9.1 Erasure of customer data

Once you have destroyed your Public Cloud project in the OVHcloud control panel, all allocated resources are released.

Was this page helpful?