Security

Security is at the core of Expanos. Our systems are designed with multiple layers of protection to ensure data integrity and prevent unauthorized access.

Key security features

  • 🔒 SOC 2 certification: We adhere to industry standards for security, availability, and confidentiality.
  • 🔑 Strong encryption: All data is encrypted in transit and at rest.
  • 🛡️ Third-party penetration testing: Regular security audits by independent experts.
  • 🦺 Limited IAM roles: We use the principle of least privilege wherever possible.
  • 🛜 Isolated from the internet: Worker nodes are isolated from the internet and reject all inbound traffic.
  • 🛑 No external access: We cannot access or modify the machines. We are only able to shut them down. We cannot view your data.
  • 🖥️ Dedicated hardware: Your node is not shared with any other customer, ensuring performance consistency and privacy.

Data and storage

  • NVMe SSDs: Each machine is equipped with high-speed local storage, typically 1 TB in size.
  • Disk encryption: LUKS encryption ensures data at rest is secure.
  • Ephemeral storage model: A one-time encryption passphrase is generated at boot and discarded. Data becomes inaccessible after shutdown.

Note: Expanos machines are designed for ephemeral workloads. Persistent storage should be managed through Kubernetes volumes or AWS services like S3.
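
One way the ephemeral storage model described above can be realized with cryptsetup, shown as an added example and not Expanos's own code. The function names, the device path and the mapper name are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of an ephemeral LUKS scratch volume.
# Not taken from Expanos; device and mapper names are hypothetical.

# 48 random bytes encode to exactly 64 base64 characters (no padding, no newline).
gen_passphrase() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# provision_ephemeral DEVICE NAME
# Formats DEVICE as LUKS with a passphrase that exists only in this shell's
# memory, opens it as /dev/mapper/NAME, then forgets the passphrase.
# The LUKS header stays on disk, but after shutdown nothing can unlock it.
provision_ephemeral() {
    dev=$1
    name=$2
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }

    pass=$(gen_passphrase)
    rc=0
    # "--key-file -" reads the key from stdin, so it never appears in
    # argv or in a file on disk.
    printf '%s' "$pass" | cryptsetup luksFormat --batch-mode --key-file - "$dev" &&
        printf '%s' "$pass" | cryptsetup open --type luks --key-file - "$dev" "$name" ||
        rc=1
    unset pass    # discard the passphrase whether or not setup succeeded
    [ "$rc" -eq 0 ] || return 1

    mkfs.ext4 -q "/dev/mapper/$name"
}

# Run as root at boot, e.g.: sh script.sh --provision /dev/nvme1n1 scratch
if [ "${1:-}" = "--provision" ]; then
    provision_ephemeral "$2" "$3"
fi
```
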

Network security

  • Connections between your cluster and Expanos nodes use WireGuard, providing encrypted, low-latency communication.
  • All traffic routes through your cloud provider, ensuring compliance and visibility.

Transparency

Expanos is fully auditable. Customers can request source code for all network configurations and services for review.