Is it possible to have a 100% secure virtual private server?

Mike asked:

I am curious if it is possible to have a VPS that has data on it that is not readable by the hosting provider, but is still usable on the VPS.

Obviously there are some things that you could do to prevent them from reading anything…

  1. You could change all the passwords, including root. But then, they could still use some alternate boot to reset the password, or they could just mount the disk another way.

  2. So, you could encrypt the disk or at least some of the contents on the disk. But then it seems that if you decrypted the content, they could still “peer in” to see what you were doing at the console, because after all, the virtualization platform should allow this.

  3. And even if you could stop that, it seems they could just read the RAM of the VPS directly.

Of course, the VPS can store data on it and as long as the key is not on the VPS and the data is never decrypted there, then the host cannot get the data.

But it seems to me that if any point the data on the VPS is decrypted…for use on the VPS…then the hosting provider can get the data.

So, my two questions are:

  1. Is this correct? Is it true that there is no way to 100% secure data on a VPS from a host from seeing it, while keeping it accessable by the VPS?

  2. If it is possible to make it 100% secure, then how? If it is not possible, then what is the closest you can get to hiding data from the web host?

My answer:

The virtual machine host can see and defeat any security measure you mentioned, including encryption of the virtual disks or files within the virtual filesystem. It may not be trivial to do so, but it’s much easier than most people think. Indeed, you alluded to the common methods of doing exactly that.

In the business world, this is generally dealt with via contracts and service level agreements, specifying compliance to legal and industry standards, and so is usually considered a non-issue as long as the host is actually compliant with the relevant standards.

If your use case requires security from the host, or more likely, from the host’s government, then you should strongly consider obtaining your service in another country.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.