Security at Linode


Linode is committed to the security of our infrastructure and our users' data. Every component of our infrastructure has been designed to give you the foundation to build secure systems and applications to meet your needs.



Shared security model

Security is up to all of us.

Security is a shared responsibility at Linode. We control the physical hosts up to the hypervisor and can offer a high level of physical and environmental security with both our compute and storage offerings. You're responsible for making sure your Linode’s installed applications and code are securely configured and patched. By following best practices, you can build environments to meet the exacting standards required by HIPAA, PCI-DSS, GDPR and your customers.

Vulnerability Management

Find, fix, repeat.

Linode is constantly scanning our networks and systems supporting your Linodes to ensure that systems under our control are configured correctly and are up-to-date with patches. Here's what we currently do to protect the infrastructure:

  • Linode has partnered with HackerOne to operate a bug bounty and disclosure program. We happily pay security researchers who find and document vulnerabilities in our applications.
  • We scan the hosts that support our Linodes for security vulnerabilities regularly.
  • We perform penetration tests on the hosts that support our Linodes on an annual basis.
  • We perform regular application testing on the applications that you use to start and configure your Linodes.

Physical Security and Networking

Keeping our systems safe and the lights on is a full-time job. Here's how we do it:

Each of our data centers has extensive physical, environmental and network capabilities in place:

  • Access to the data center floor is restricted to data center employees and authorized visitors.
  • Data centers are staffed 24/7/365 with security guards and technicians.
  • All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.
  • HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
  • All of Linode's systems are segregated from other tenants by locking cabinets. Only data center staff assigned to supporting Linode systems have access to the keys.
  • Multiple Internet carriers use independent fiber connections to the data center floor.
  • Our networks within the data centers have redundant routers, switches and service providers. Multiple systems can fail without affecting downtime or performance.

Certifications

Don't take our word that our data centers are secure and reliable. Take their auditors' word for it.

Each of our data centers offers a variety of certifications:


Atlanta

  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3
  • HIPAA Type 1
  • PCI DSS

Dallas

  • SOC 2 Type 2
  • SOC 3

Frankfurt

  • ISO/IEC 27001:2013
  • PCI DSS

London, UK

  • ISO 14001:2004
  • ISO 22301:2012
  • ISO/IEC 27001:2013
  • ISO 50001:2011
  • ISO 9001:2008
  • OHSAS 18001:2007
  • PCI DSS
  • SOC 1
  • SOC 2 Type 2
  • SOC 3

Newark, NJ

  • SOC 1 Type 2
  • SOC 2 Type 2
  • HIPAA Type 1
  • HITECH
  • PCI DSS

Singapore

  • ISO/IEC 27001:2013
  • PCI DSS

Tokyo 1

  • ISO/IEC 27001:2013

Tokyo 2

  • SOC 1 Type 2
  • ISO/IEC 27001:2013

Compliance

Linode’s compliance information can be found here.

Recommendations

Linode recommends that you perform basic hardening on your Linodes.

For some guidance on how to harden your systems, start here:

For more advanced security guidance, we recommend following an industry-accepted hardening standard. The two most accepted are the Center for Internet Security Benchmarks and the Defense Information Systems Agency's Security Technical Implementation Guides (DISA STIG).

Both the CIS Benchmarks and DISA STIGs include hardening guidance on operating systems and common applications. Following these guidelines goes far to reduce the risk of compromise of your systems and infrastructure.