Security Overview

Security features and compliance information for Tasmanian Cloud

Tasmanian Cloud is built with security as a core principle. All infrastructure is designed to protect your data while maintaining compliance with Australian standards.

Certifications

| Certification | Status |
|---|---|
| ISO 27001 | 🔄 In Progress |
| Essential 8 | ✅ Aligned |
| Privacy Act 1988 | ✅ Compliant |
| ASD IRAP | 📋 Planned |

Data Sovereignty

  • 100% Tasmanian - All data stored in Tasmania
  • No Offshore Transfer - Data never leaves Australia
  • Local Ownership - 100% Tasmanian owned and operated

Encryption

At Rest

| Service | Encryption |
|---|---|
| VM Storage | AES-256-XTS |
| Object Storage | AES-256-GCM + Post-Quantum |
| Database | AES-256-CBC |
| Backups | AES-256-GCM |

In Transit

  • TLS 1.3 - All API and web traffic
  • Perfect Forward Secrecy - ECDHE key exchange
  • Certificate Pinning - Available on request

Post-Quantum Cryptography

Object storage uses NIST-approved post-quantum algorithms:

  • Kyber-768 - Key encapsulation mechanism
  • Dilithium-3 - Digital signatures

Network Security

DDoS Protection

  • Cloudflare Magic Transit at edge
  • 100 Tbps+ mitigation capacity
  • Automatic attack detection

Firewall

Default-deny firewall with:

  • Stateful packet inspection
  • Geo-blocking available
  • Custom rules via API

VPN

Netbird mesh VPN for private connectivity:

# Install Netbird client
curl -fsSL https://pkgs.netbird.io/install.sh | sh

# Join Tasmanian Cloud network
netbird up --management-url https://vpn.tasmanian.cloud

Access Control

Authentication

  • API key-based authentication
  • Optional MFA for panel access
  • Session management with automatic expiry

Authorization

Role-based access control (RBAC):

| Role | Permissions |
|---|---|
| Owner | Full access |
| Admin | Manage resources, billing |
| Developer | Deploy, manage VMs |
| Viewer | Read-only access |

Audit Logging

All actions are logged:

  • API requests
  • Panel actions
  • Resource changes
  • Access attempts

Vulnerability Management

  • Continuous Scanning - Weekly vulnerability assessments
  • Patching - Critical patches within 24 hours
  • Penetration Testing - Annual third-party testing

Incident Response

| Severity | Response Time |
|---|---|
| Critical | 15 minutes |
| High | 1 hour |
| Medium | 4 hours |
| Low | 24 hours |

Security Best Practices

For Customers

  1. Use API Keys - Never share credentials
  2. Enable MFA - Where available
  3. Rotate Keys - Regularly rotate API keys
  4. Monitor Logs - Review access logs
  5. Encrypt Data - Use client-side encryption for sensitive data

Example: Secure VM Access

# In /etc/ssh/sshd_config: disable password logins, require keys, block root login
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

# Use a non-standard port
Port 2222

# Restart SSH to apply the changes
systemctl restart sshd
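
An added example (not Tasmanian Cloud's own tooling): a Python check that audits sshd_config text against the three authentication settings above, applying sshd's first-value-wins rule and flagging Match blocks that weaken them. It assumes upstream OpenSSH defaults for absent keywords and does not follow Include files, so run it over each file or over the output of `sshd -T`.

```python
import re

# Values set by the page's sshd_config example (keywords lowercased).
EXPECTED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitrootlogin": "no"}
# Assumption: upstream OpenSSH defaults apply when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
Port 2222
passwordauthentication no
PasswordAuthentication yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

def parse_directives(text):
    """Yield (scope, keyword, value); scope is 'global' or the Match line."""
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        keyword, value = (m.group(1), m.group(2).strip()) if m else (line, "")
        if keyword.lower() == "match":
            scope = line  # following lines apply only when this Match hits
            continue
        yield scope, keyword.lower(), value  # keywords are case-insensitive

def audit(text):
    """Return findings; an empty list means the text matches EXPECTED."""
    effective, findings = {}, []
    for scope, keyword, value in parse_directives(text):
        if keyword not in EXPECTED:
            continue
        if scope == "global":
            effective.setdefault(keyword, value)  # sshd keeps the first value
        elif value != EXPECTED[keyword]:
            findings.append(f"{scope}: {keyword} overridden to {value!r}")
    for keyword, want in EXPECTED.items():
        got = effective.get(keyword, DEFAULTS[keyword])
        if got != want:
            findings.append(f"global: {keyword} is {got!r}, expected {want!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "OK")
```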

Reporting Security Issues

If you discover a security vulnerability:

Compliance Reports

Available upon request for verified customers:

  • SOC 2 Type II (planned)
  • ISO 27001 certificate (in progress)
  • Penetration test summaries

Sub-processors

Tasmanian Cloud uses the following sub-processors to deliver services. This list is reviewed and updated annually.

Current Sub-processors

| Vendor | Service | Data Location | Purpose |
|---|---|---|---|
| Microsoft | M365 (Email) | Australia | Business email, calendar |
| Resend | Transactional Email | US | System notifications, alerts |
| Cloudflare | DNS, CDN, WAF | Global | Edge security, DNS resolution |
| Vercel | Marketing Sites | Global | Website hosting (transitioning to CF Pages) |
| Cloudflare Pages | Marketing Sites | Global | Website hosting (primary) |
| Scalar | API Documentation | US | API documentation hosting |
| Stripe | Payment Processing | US | Billing, invoicing, payments |

Self-Hosted Services

The following services are hosted on Tasmanian Cloud's own infrastructure:

| Service | Infrastructure | Location |
|---|---|---|
| Product Analytics | Self-hosted | Tasmania |
| Billing Dashboard | Paymenter on Proxmox | Tasmania |
| Bare Metal | Owned hardware | Tasmania |
| Customer Panel | Self-hosted | Tasmania |
| Object Storage | RustFS/Ceph | Tasmania |
| Compute | Proxmox VE | Tasmania |
| Kubernetes | Talos + FluxCD | Tasmania |

Sovereignty Roadmap

Our commitment is to become fully sovereign. The following initiatives are in progress:

| Initiative | Target | Status |
|---|---|---|
| Self-hosted Email | 2026 | 📋 Planned |
| Transactional Email | 2026 | 📋 Planned |
| HA Infrastructure (CF backup) | 2026 | 🔄 In Progress |
| Self-hosted PBX | 2027 | 📋 Planned |
| Marketing Sites (Vercel/CF Pages → tasmanian.cloud) | 2026 | 🔄 In Progress |

Shared Responsibility Model

| Layer | Tasmanian Cloud | Customer |
|---|---|---|
| Physical | | |
| Network | | |
| Hypervisor | | |
| Host OS | | |
| Guest OS | | |
| Application | | |
| Data | | |

Last updated: February 2026