Information security when using Selectel services
Selectel is not responsible for the security of information posted and stored by customers on Selectel products, services and facilities.
Selectel maintains the confidentiality of the personal information you provide when you create your dashboard account and will make it available in any available form upon your request.
We may print your personal data to comply with Russian law or at your request, for example, to prepare paper copies of contracts and deeds between us.
We may only disclose personal data to third parties as required by law or if we receive a legally binding request to disclose it. Disclosure of data to third parties will be recorded with information on what data was disclosed, to whom and at what time.
If we receive a binding request to disclose personal data, we will send information about it to ticket if we have a legitimate reason to do so. We will do so no later than 30 days from the date of disclosure of the personal data.
Account and its compromise
If you have problems accessing your account, you can restore account access.
If the account has been compromised or you suspect a compromise:
- change password and email address;
- end all active sessions;
- check that the list of users is up to date and pay special attention to service users. The user list can be viewed by users with the Account Owner and User Administrator roles in control panel under User Management. For more information about roles, see the User Types and Roles manual.
The access of other users to Selectel services, products and facilities is managed by a user with the Account Owner role.
User access rights are delimited through:
- user roles, which define accesses within each user type.
For more information about access control, see Users and Roles (IAM).
Using the services of
Information about your use of Selectel's services, products and facilities is confidential. Access to this information is strictly regulated and only secure communication channels are used for transmission.
Client Infrastructure Isolation
Each Selectel customer's infrastructure is isolated, and Selectel administrators' access to that infrastructure is regulated.
Infrastructure isolation is accomplished on several levels:
- control panel level;
- level of infrastructure.
Infrastructure objects are created, modified and deleted by platform tools. Computing resources that are allocated to such objects are assigned to the client and are not used in infrastructures that belong to other clients. Depending on the specifics of the service, product or service, isolation is performed at the physical or logical level. Virtual resources are isolated at the virtualization environment level, and dedicated server resources are isolated at the technical and networking levels.
Deleting temporary files
Temporary files that are processed by Selectel infrastructure objects do not contain personal data. When you finish working with an infrastructure object, temporary files are automatically deleted by the platform components.
It is your responsibility to delete temporary files that are created and stored in Selectel products, services, and services when you use them.
Use of cryptographic protection tools
Selectel infrastructure objects communicate using secure protocols with digital certificate authentication. Users connect to the dashboard and APIs via secure protocols for secure data transfer.
For additional data security, use your own cryptographic protection tools.
For remote access to the Selectel infrastructure using GOST encryption algorithms, connect the GOST VPN service.
Security in service development
When developing services, we:
- analyze the security of the designed architecture and the specifics of the applied solutions;
- Implement security requirements, policies and industry best security practices at every stage of the development lifecycle;
- test the implementation of security requirements that are formed at the stage of building the service architecture or when the service is changed;
- We conduct trainings and regularly improve the qualifications of our employees in the field of information security in the area of their activities.
We regularly analyze the security of the infrastructure of our products, services and facilities: we conduct internal and external scans and penetration tests. This allows us to identify vulnerabilities and remediate them faster.
For more information about the division of information security responsibilities between us and the client, as well as the security measures in place, please visit the Security page on selectel.ru.
Change, Vulnerability, and Incident Notifications
Information about service availability and technical work plan is displayed in the status panel.
Additionally, account notifications can be configured in the control panel. They alert you to technical work, changes, failures, vulnerabilities that can affect infrastructure availability and security.
In order to minimize the possible consequences of an information security breach, Selectel has organized an information security incident management process that includes:
- Analyzing monitoring system events, as well as employee, customer and regulatory communications;
- identifying IS incidents and analyzing the reasons for their occurrence;
- responding to IS incidents;
- preventing the recurrence of incidents.
Customers can report IS incidents via ticket.
Further handling of the incident will depend on whose area of responsibility it is.
If an incident is within Selectel's area of responsibility and could damage the infrastructure, we will respond independently. If necessary, we will provide information about the incident if it has impacted you. We do this via ticket or account notifications.
If the incident is within your area of responsibility, you must respond to it yourself. Where possible, we will help you gather information on the incident as part of our technical support.
In the event of an incident involving unauthorized access to personal data or means of processing personal data that could result in the loss, disclosure or alteration of personal data, we will immediately notify all customers who may be affected. We do this via ticket or account notifications.
Selectel does not provide information labeling services. The need for and methods of labeling information and the responsibility for the security of data on Selectel products, services, and services is your responsibility.
Using utilities that can bypass security procedures
When using Selectel products, services and facilities, you may not use programs that may circumvent security procedures. If you use such programs to analyze the security of your systems, you can coordinate their use via ticket.
We prohibit the use of our products, services and facilities for malicious activity: distribution of malware; distribution of software and other data in violation of intellectual property rights, cyberattacks, etc. We prohibit the use of our products, services and facilities for malicious activity.
Deleting customer data
At any time, you can delete your account and the data stored on Selectel's infrastructure yourself.
The terms and conditions of deletion of our customers' personal data are defined in the document Policy on Processing and Protection of Personal Data.
Please see the terms and conditions of the contracts for individuals and legal entities, as well as the annexes to the contracts on the Documents page on selectel.ru.
For each document, we save the previous version under Document Archive.