What Security Certifications does Linode have?
I'm looking to use Linode as my hosting provider, what certifications are available?
All of Linodes security, certifications, and compliance information can be found on the Security at Linode page.
Linode complies with many industry security standards. However, as an unmanaged infrastructure provider Linode can only guarantee that its infrastructure is secure. Any applications or software that are installed on your Linode will have to be secured by you.
Additionally, it is possible to utilize Linode's services to meet HIPAA, PCI-DSS, and GDPR environment standards.
If you need additional documentation for any specific compliance or certification, Linode can provide it upon request. All you would need to do is open a support ticket from Linode Manager.
I've included a link to another community post about security on your Linode. This covers how to investigate or keep clear of any compromises.
I use Linode services which I'm happy with and use the London and Sydney datacentres. These are provided by Equinix and each time I ask for any information security certification they send me the Equinix certificates - which is fine for the physical facilities. However I use software provided by Linode such as Linode Cloud Manager and support staff, but after requesting it several times Linode itself does not appear to have it's own Security Certification or any independent assurance reports over Linode's information security practices. Surely this cannot be right.
According to this page they are PCI-DSS certified “through regular scans and evaluations, Linode adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures”.
For me that should cover Cloud Manager (as that’s where the credit card payments are processed) and the support element (processes and procedures)
I’m surprised if they cannot provide the certification.
While we do publicize our compliance information on our site, you're correct that we do not have a specific security certification for Cloud Manager; I've passed this feedback along to our team internally. That said, we are PCI-DSS certified and can provide that certificate upon request via Support ticket. Our data centers also have a variety of compliance certifications that can be requested via ticket. More information about how Linode maintains compliance and information security can be found at the following links:
BTW I'm very very happy with Linode - support is great, cloud service is great but I'm being assessed by my customers.
So I was expecting something similar from Linode: