Security & Trust on SaladCloud

Everyday, 100s of businesses and 1000s of individuals trust SaladCloud with their data, applications & resources. Your trust is critical to us.

Our "All Truth, No Bullshit" brand pillar means you can expect full honesty and transparency from us.
We are committed to ensuring SaladCloud plays a vital role in your security posture, and we strive to provide you with a secure-by-default experience. Read on to learn more about the security of Salad's products, platform, and infrastructure, our policies and procedures, and best practices to keep you and your customers secure.

salad-security

SaladCloud Architecture

Every day, 1000s of users share their resources on SaladCloud for rewards while 100s of businesses run workloads in a secure, affordable & sustainable manner.

salad gpu cloud distributed architecture
SaladCloud Nodes
SaladCloud Nodes are high-end, underutilized, crowd-sourced computers. Combining our proprietary Trust Rating system with your workload requirements, which can range from hardware specifications to geolocation restrictions, SaladCloud orchestrates your workload to run on the best available nodes.
salad security architecture
Your Workload
To protect applications and data, SaladCloud Nodes are partitioned using a hypervisor. Your workload runs inside an OCI-compatible container on a Linux virtual machine, isolated from Windows and other processes. This isolation works in both directions- it protects your workload from potentially malicious software and suppliers are protected from potentially malicious workloads.

Salad's Security Pillars

Trust and security is everything on the cloud. We have several layers of security to help keep your containers safe.

Product Security

Every product on Salad's distributed network has its own set of unique features & capabilities to provide a secure-by-default experience.

Platform Security

From authentication to logging and everything in between, the SaladCloud platform has multiple layers to ensure the security and privacy of your workloads.

Infrastructure Security

All third-party vendors and service providers are held to the highest level of security & compliance requirements, in accordance with industry standards.

Trust Rating System

Every node on the SaladCloud network earns a trust rating based on their behavior & performance. Only nodes that maintain a solid trust rating are eligible for workloads.

Shared Responsiblity

All contributors to our network - Salad, resource providers, and users - share responsibility to ensure the overall security and quality of the network.

Data Security

All data and environment variables are encrypted in transit and at rest via TLS and modern cipher suites.

Secure reliable compute environment on SaladCloud

Compliance And The Community Cloud

Salad Technologies is SOC 2 Type I Compliant, reinforcing our commitment to democratize the cloud while ensuring the highest standards of security & compliance.

Easier region-specific compliance with nodes in 188+ countries
Heartbeat monitoring to assess potential interruptions or other failures.
100% actual resource availability at all times with automatic reallocation.

Secure Products.

Salad Container Engine
  • Container images and configuration settings are encrypted at-rest and in-transit.
  • External container registry credentials are used to pull a container image to our cache and then immediately discarded.
  • Inbound network connections to containers are blocked by default.
  • Container logs may be streamed to an external logging service for auditing.
Salad Recipes
Container images in the Marketplace are verified by Salad for security and compatibility using automated checks.
Salad Container Registry
  • Container images are encrypted at-rest and in-transit.
  • Clients are required to use strong TLS encryption algorithms.
  • Sessions are authenticated with short-lived tokens and fine-grained access.
Salad Job Queues
  • Requests and responses are encrypted at-rest and in-transit.
  • Webhook callbacks are required to use TLS and provide strong digital signatures.
  • Completed jobs are deleted after 24 hours.
Salad Container Gateway
  • Containers are isolated from each other and exposed through the gateway on a specific port using a WireGuard VPN.
  • Clients are required to use strong TLS encryption algorithms.
  • Routes are protected via dedicated DDoS hardware.

Frequently Asked Questions

Common Security Questions from SaladCloud Users

What are the security risks using SaladCloud?

SaladCloud Nodes are crowd-sourced, high-end gaming computers. This inherently presents some security and privacy concerns depending on your use case.

For example, traffic between your workload and the Internet may be logged by intermediate networking equipment. If the connection uses strong encryption, the content is not visible and protected. However, even if the connection uses strong encryption, the destination IP address is still available in plain text. Performing a reverse DNS query on the IP address may disclose information about the type of workload running on the SaladCloud Node.

Additionally, while we rely on Hyper-V hypervisor and Linux container technology isolation, Salad takes many measures to detect and minimize the threat of these risks, and there are many technical approaches you can take to further minimize the risks. We strongly recommend you get in touch with our team before launching a new workload to review any security or privacy concerns.

Can you handle data subject to specific regulatory & compliance requirements?

Due to the unique nature of SaladCloud’s infrastructure, not all workloads are a fit for our network. Applications with highly specific regulatory and compliance requirements and high data-to-compute ratio are often not a good fit for SaladCloud. We encourage you to get in touch with our team so that we can review your specific needs to identify whether or not your requirements are compatible with the network.

What kind of workloads are not fit for SaladCloud?

Due to the unique nature of SaladCloud's infrastructure, not all workloads are a fit for our network. Applications with highly specific regulatory/compliance needs and high data-to-compute ratio are often not a good fit for SaladCloud. Please get in touch with us to discuss your specific use case.