Lyve Cloud Documentation

Security

Q:

How is my data protected?

A:

Lyve Cloud protects customer data in transit and at rest by using:

  • Transport Layer Security (TLS) 1.2 with AES-256-GCM for data in flight

  • Encryption for data at rest

The data is always encrypted at rest using one of two server-side methods:

  • Encryption with a client-provided key (part of S3 request headers) - SSE-C

  • Encryption with a Key Management System (KMS) - SSE-S3

All data, whether or not it is already encrypted on the client side (SSE-C), is encrypted at rest using AES 256-bit encryption. The keys are never shared and can be rotated based on the customer’s security policy. Data in flight is encrypted using TLS 1.2, and client applications can connect only over HTTPS.

Lyve Cloud follows industry best practices for design and security models. Contact sales.lyvecloud@seagate.com for a complete overview of security analysis conducted by a third party.
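
The SSE-C option above carries the key in the S3 request headers. The following is an added example, not Lyve Cloud's own code: it builds those headers, assuming Lyve Cloud accepts the standard S3 SSE-C header names, and the endpoint URL is a placeholder.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit

SSE_C_KEY_BYTES = 32  # AES-256 requires a 256-bit key
KEY_HEADER = "x-amz-server-side-encryption-customer-key"


def new_sse_c_key() -> bytes:
    """Generate a random 256-bit key. Under S3 SSE-C semantics the same key
    must be presented again to read the object, so store it safely."""
    return secrets.token_bytes(SSE_C_KEY_BYTES)


def sse_c_headers(endpoint_url: str, key: bytes) -> dict:
    """Build the SSE-C headers for one S3 request (PUT, GET or HEAD)."""
    # The raw key travels in the request, so refuse anything but HTTPS.
    if urlsplit(endpoint_url).scheme != "https":
        raise ValueError("SSE-C keys must only be sent over HTTPS")
    if len(key) != SSE_C_KEY_BYTES:
        raise ValueError("SSE-C key must be exactly 32 bytes (256 bits)")
    key_md5 = hashlib.md5(key).digest()  # integrity check on the key, not a security control
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        KEY_HEADER: base64.b64encode(key).decode("ascii"),
        KEY_HEADER + "-MD5": base64.b64encode(key_md5).decode("ascii"),
    }


def redact_for_logging(headers: dict) -> dict:
    """Return a copy that is safe to log: the key itself is masked."""
    return {k: ("<redacted>" if k == KEY_HEADER else v) for k, v in headers.items()}


if __name__ == "__main__":
    # Placeholder endpoint (assumption); use the endpoint for your own region.
    headers = sse_c_headers("https://s3.example.invalid", new_sse_c_key())
    for name, value in redact_for_logging(headers).items():
        print(f"{name}: {value}")
```
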

Q:

Does Lyve Cloud mine my data?

A:

No, Lyve Cloud does not mine any customer data. 

All data stored in Lyve Cloud is encrypted. We strongly recommend that customers use client-side encryption for complete data protection.

Q:

What happens to my data if I am no longer a Lyve Cloud customer?

A:

Lyve Cloud does not make any secondary copies of the data. To permanently delete the data, the client application should use the S3 API calls to delete all objects and buckets it created. 

Once this is complete, customers can email support.lyvecloud@seagate.com to request that their account information be permanently deleted. This ensures that any remaining customer information is removed from the Lyve Cloud cluster.

Q:

What authentication mechanisms are supported?

A:

Access to the Lyve Cloud admin portal is supported by multiple authentication schemes, including:

  • Multi-factor authentication using either SMS OTP (One Time Password) or an authenticator mobile app

  • Federated login using the customer’s IDP login flow

Q:

How secure are Lyve Cloud datacenters?

A:

Lyve Cloud prioritizes a secure and protected infrastructure.

  • A dedicated staff manages and protects each site 24×7, year-round.

  • Each site is equipped with security cameras to monitor inside the data center and the surrounding area.

  • Facilities are unmarked so as to not draw attention from outside.

  • Building access is controlled using biometric measures.

Q:

Which OTP applications can be used for MFA login?

A:

Lyve Cloud supports the use of third-party authenticator apps as verification methods for MFA logins. You can use any authenticator app that generates temporary codes based on the time-based one-time password (TOTP) algorithm. There are many free and paid authenticator apps to choose from. Widely used options include Google Authenticator, Microsoft Authenticator, DUO, Authy, Okta Verify, Auth0 Guardian, OneLogin Protect, and Oracle Authenticator.

Q:

Can I use CORS with Lyve Cloud?

A:

Currently, Lyve Cloud does not support Cross-Origin Resource Sharing (CORS), nor does it support hosting static websites using custom domains or anonymous access to public buckets.

Q:

How can I change my authentication method?

A:

You must contact your administrator to reset MFA for the user. To reset MFA, see Resetting MFA For An Individual IAM User. After resetting MFA, you must again enroll in MFA. For more information, see Enrolling in MFA.

Q:

Why must I use a mobile phone to set up MFA?

A:

Your device is unique to you. This helps to ensure that your account can only be accessed by the person in possession of your phone. Even if someone has your Lyve Cloud credentials, they will not be able to access your Lyve Cloud account without your mobile phone.

Q:

My mobile device with the authenticator app is lost or stolen. What do I do?

A:

To change your phone number, you must contact the administrator of your account to reset MFA. For more information, see Resetting MFA For An Individual IAM User. After the administrator resets MFA, you must again enroll in MFA on your new device. For more information, see Enrolling in MFA.

Q:

Can email be used as the second authentication method for MFA?

A:

No, email is not supported as an MFA method. We support only authenticator apps and SMS. This is because email credentials can be easily compromised or reset. With a mobile device, it is more difficult to get the SMS code or use the authenticator app to access your account than it is to access an email account.

Q:

Can organizations use their own SAML with MFA?

A:

Yes, organizations can use their own SAML with MFA. Lyve Cloud MFA always applies to password users even if federated login is enabled for the account.

Q:

I have lost my recovery code. How do I log in to the Lyve Cloud console?

A:

You must contact your administrator to reset MFA. To reset MFA for the user, see Resetting MFA For An Individual IAM User. After resetting MFA, you must again enroll in MFA. For more information, see Enrolling in MFA.

Q:

How can I change my Multi-Factor Authentication (MFA) Phone Number?

A:

An administrator must reset MFA for a user to change the associated phone number. To reset MFA for the user, see Resetting MFA For An Individual IAM User. After resetting MFA, you must again enroll in MFA. For more information, see Enrolling in MFA.

Q:

Can I change my authenticator app?

A:

Yes, you can change the authenticator app by installing the preferred authenticator app.

You must contact your administrator to reset MFA for the user. To reset MFA, see Resetting MFA For An Individual IAM User. After resetting MFA, you must again enroll in MFA. For more information, see Enrolling in MFA.

Q:

Can I register multiple Lyve Cloud accounts in an authenticator app for MFA?

A:

You may use different authenticator apps for different Lyve Cloud accounts. If you are required to use the same authenticator app for multiple Lyve Cloud accounts, refer to the MFA application's help section to learn how to add multiple accounts. Follow the steps based on the desired authenticator app.

Refer to a few of the commonly used authenticator apps: