Public Cloud Databases security overview
Last updated 21st November 2022
OVHcloud Public Cloud Databases allow you to focus on building and deploying cloud applications while OVHcloud takes care of the database infrastructure and maintenance.
This guide lists and explains security measures implemented for the Cloud Databases services.
OVHcloud Public Cloud Databases as a whole are ISO/IEC 27001, 27017 and 27018 and HDS certified.
These certifications assure you that our solutions meet the highest security standards.
Learn more about certified services at OVHcloud here.
In addition, the service is GDPR compliant.
These certifications cover all DBMS in the Public Cloud Databases offer. You can find the complete list on the Public Cloud Databases web page.
With the Business and Enterprise service plans, your data is replicated across multiple nodes, ensuring high availability of your data.
Public Cloud Databases services are backed up on a daily basis. Those backups are encrypted and uploaded to a remote, replicated storage backend, in a different datacenter from the database service. In case of a catastrophic failure of one of our datacenters, you will still be able to recover your data, with a maximum data loss of 24 hours. Backup frequency and retention may vary depending on the DBMS and service plan selected.
We perform end-to-end encryption for all our Public Cloud Databases and backups.
To ensure your data is safe, all inbound and outbound network traffic to your database services is TLS encrypted.
Customer access to the services is provided only over TLS-encrypted connections. There is no option for using unencrypted plaintext connections.
Communication between virtual machines within Public Cloud Databases is secured with either TLS or IPsec. There are no unencrypted plaintext connections.
At-rest data encryption covers both active service instances as well as service backups in cloud object storage.
All customer data stored on disk is encrypted using LUKS.
A unique key is generated for each database service or backup and is never re-used. The key is discarded when the instance is destroyed, so there is a natural key rotation with roll-forward upgrades. We use the LUKS2 default mode aes-xts-plain64:sha256 with a 512-bit key.
Client-side encryption allows a customer to encrypt data on the sender's side, before transmission, with their own encryption key.
We do not provide client-side encryption so far.
The operations team in charge of the maintenance of the Public Cloud Databases services constantly monitors CVEs on the different DBMS available. This monitoring is done through different channels: official mailing lists, the security community, internal security checks, and so on.
We are also in constant communication with the MongoDB team, in order to provide a fast and smooth transition to the latest security version of MongoDB.
Public Cloud Databases provide interconnection with your private network. This option allows you to connect your database to other services in your private network, isolating your service from the outside.
All database services are IP restricted. By default, services are not accessible. Users can specify a single IP address or IP blocks from which the service will accept connections. Because connections from any other address are refused, IP restriction prevents attacks originating from outside a specific information system.
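The IP restriction above is only as tight as the entries you authorize. The following added example (not OVHcloud code) reviews a list of authorized IPs and blocks before you submit it; the sample entries, the 256-address threshold and the function names are assumptions, and ranges are computed by Python's `ipaddress` module, not by the service.

```python
import ipaddress

# Constructed sample allowlist using documentation address ranges (not real data).
SAMPLE_ALLOWLIST = [
    "203.0.113.10",        # single client address
    "198.51.100.0/24",     # office block
    "198.51.100.128/25",   # already inside the /24 above
    "192.0.2.77/24",       # host bits set: the mask covers 192.0.2.0/24
    "10.0.0.0/8",          # very broad block
    "db-client.example",   # hostname, not an IP or CIDR block
]

MAX_ADDRESSES = 256  # assumed review threshold: blocks larger than a /24 are flagged


def audit_allowlist(entries, max_addresses=MAX_ADDRESSES):
    """Parse allowlist entries; return (networks, findings)."""
    parsed, findings = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append((raw, "not a valid IP address or CIDR block"))
            continue
        # An address with host bits set under a short mask authorizes the whole block.
        if ipaddress.ip_interface(raw).ip != net.network_address:
            findings.append((raw, f"host bits set, effective range is {net}"))
        if net.prefixlen == 0:
            findings.append((raw, "accepts connections from any address"))
        elif net.num_addresses > max_addresses:
            findings.append((raw, f"broad block: {net.num_addresses} addresses"))
        parsed.append((raw, net))
    # Second pass: entries fully contained in another entry add nothing.
    for raw, net in parsed:
        for _, other in parsed:
            if other is not net and other.version == net.version and net.subnet_of(other):
                findings.append((raw, f"redundant, covered by {other}"))
                break
    return [net for _, net in parsed], findings


def is_allowed(source_ip, networks):
    """True if source_ip falls inside at least one authorized network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)
```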
Visit our dedicated Discord channel: https://discord.gg/ovhcloud. Ask questions, provide feedback and interact directly with the team that builds our databases services.