Information security when using Selectel services
Selectel ensures the information security of its products, services, and offerings from the moment of account registration in the Control panel until the moment of account deletion.
Selectel is not responsible for the security of information that is posted and stored by customers on Selectel products, services, and offerings.
Personal data
Selectel maintains the confidentiality of the personal data you provide when you create an account in the Control panel and provides it in any available form upon your request.
We may print your personal data to comply with legal requirements or upon your request, for example, to prepare paper copies of contracts and acts between us.
We may disclose personal data to third parties only in accordance with legal requirements if we receive a legally binding request. Disclosure of data to third parties will be logged with information about what data was disclosed, to whom, and at what time.
If we receive such a request, then, provided there are legal grounds and no contradictions to legal requirements, we will send information about this in a ticket. We will do this no later than 30 days from the moment of personal data disclosure.
Account and its compromise
If you have trouble accessing your account, you can restore access to the account.
If the account has been compromised or you suspect a compromise:
- change your password and email address;
- terminate all active sessions;
- check the user list for accuracy and pay special attention to service users. The list of users can be viewed by the Account Owner and a user with the
iam.adminrole in the Control panel: in the top menu, click IAM → Users or Service Users section. Learn more about roles in the Access management in Selectel products guide.
Access management
The access of other users to Selectel services, products, and offerings is managed by the Account Owner.
User access rights are separated through user roles, which define access within each user type.
Learn more about access management in the Access Separation section.
Use of services
Information about the use of Selectel services, products, and offerings is confidential. Access to this information is strictly regulated, and only secure communication channels are used for transmission.
Virtualization security
Selectel ensures the security of virtualization technologies against unauthorized access to information and data leaks. To this end, vulnerability management, antivirus protection, and access control technologies and tools are applied at the management infrastructure and virtualization system level, including privileged user activity monitoring and protection against network attacks.
Customer infrastructure isolation
Every Selectel customer's infrastructure is isolated on several levels:
- control panel level;
- infrastructure level.
Infrastructure objects are created, modified, and deleted by platform tools. Computing resources allocated for such objects are reserved for the customer and are not used in infrastructures belonging to other customers. Depending on the specifics of the service, product, or offering, isolation is performed at the physical or logical level. Virtual resources are isolated at the virtualization environment level, while dedicated server resources are isolated at the hardware and network level.
Temporary file deletion
Temporary files processed by Selectel infrastructure objects do not contain personal data. Upon completion of work with an infrastructure object, temporary files are automatically deleted by platform components.
The deletion of temporary files created and stored in Selectel products, services, and offerings when you use them is your responsibility.
Use of cryptographic protection tools
Selectel infrastructure objects interact via secure protocols with authentication using digital certificates. For security during data transmission, users connect to the Control panel and API via reliable protocols.
For additional data security, use your own cryptographic protection tools.
For remote access to Selectel infrastructure using GOST encryption algorithms, connect the GOST VPN service.
Security during service development
When developing services, we:
- analyze the security of the designed architecture and the specifics of the solutions used;
- implement security requirements, policies, and industry best security practices at every stage of the development lifecycle;
- test the implementation of security requirements formed at the stage of building the service architecture or when changes are made to it;
- conduct training and regularly improve the qualifications of employees in the field of information security in their specific areas of activity.
Vulnerability management
We regularly analyze the security of the infrastructure of our products, services, and offerings: we conduct internal and external scanning and penetration tests. This allows us to detect vulnerabilities and resolve them faster.
Learn more about the division of responsibilities regarding information security between us and the customer, as well as the security measures applied, on the Security page on selectel.ru.
Notifications about changes, vulnerabilities, and incidents
Information about service availability and the technical maintenance schedule is displayed in the status panel.
Additionally, you can configure account notifications in the Control panel. They notify you about maintenance, changes, failures, and vulnerabilities that may affect infrastructure availability and security.
To ensure that potential consequences of information security breaches are minimized, Selectel has organized an information security incident management process, which includes:
- analysis of monitoring system events, as well as reports from employees, customers, and regulatory authorities;
- identification of IS incidents and analysis of the causes of their occurrence;
- response to IS incidents;
- prevention of incident recurrence.
Customers can report IS incidents through a ticket.
Further work on the incident will depend on whose area of responsibility it falls into.
If the incident is in Selectel's area of responsibility and can cause damage to the infrastructure, we will respond to it independently. If necessary, we will provide information about the incident if it has affected you. We will do this via ticket or account notifications.
If the incident is your responsibility, you must respond to it yourself. Where possible, we will assist you in gathering information about the incident as part of technical support.
In the event of an incident involving unauthorized access to personal data or the means used to process it that could lead to the loss, disclosure, or alteration of personal data, we immediately notify all customers who may be affected. We will do this via a ticket or account notifications.
Information labeling
Selectel does not provide information labeling services. The necessity and methods of labeling information, as well as responsibility for the security of data placed in Selectel products, services, and offerings, are your area of responsibility.
Use of utilities capable of bypassing security procedures
When working with Selectel products, services, and offerings, it is prohibited to use programs that may bypass security procedures or create abnormal load on products, services, and offerings. If you use such programs to analyze the security of your systems, you can coordinate their use via a ticket.
We prohibit the use of our products, services, and offerings for malicious activity: distributing malware, distributing software or other data in violation of intellectual property rights, cyberattacks, etc.
Deletion of customer data
You can delete your account and the data stored on Selectel infrastructure yourself at any time.
If you decide to opt out of products, services, or offerings or fail to pay for them on time, we will automatically destroy all data stored in the Selectel infrastructure within the time frame established by the "Terms of Use for Specific Services" document for the specific product, service, or offering. These can be viewed on the Documents page on selectel.ru.
The terms and conditions for deleting our customers' personal data are defined in the Policy on the Processing and Protection of Personal Data document.
Documents
View the terms of contracts for individuals and legal entities, as well as appendices to contracts, on the Documents page on selectel.ru.
For every document, we save the previous version in the Document Archive section.