Proactive, Responsive, and Operationalized Security by Design
The security of your information and data is paramount to Scale Computing™; all platforms must adapt quickly to remain agile in responding to new threats in the security landscape. Security sits at the forefront of the design of Scale Computing Platform™ edge solutions, from the custom-built storage layer to the most current software patches and upgrades.
SCPlatform™ delivers everything you need to manage your environment and removes what you don’t. By eliminating additional clients, protocols, and other potential sources of licensing (costs) and frustrations (management), we also eliminate attack surfaces. This simplicity inherently increases the security of your infrastructure.
Remember RFC 1925 - 12:
In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.
Executive Summary
At Scale Computing, security is built into our DNA—from architecture to operations. Scale Computing Platform was designed with Zero Trust principles, full platform ownership, and relentless simplicity to minimize risk and maximize resilience.
We control every aspect of the platform: our hypervisor, storage layer, software stack, and update process are all purpose-built, managed, and secured in-house by Scale Computing engineers. There are no external vendors, no unnecessary exposure points, and no hidden dependencies.
SC//Platform’s embedded security features—including encrypted replication, isolated networking, role-based access control (RBAC), and secure, signed updates—enable organizations to meet compliance standards with confidence. You retain full control over data, access, and encryption, backed by a platform that constantly monitors, tests, and patches against emerging threats.
With a proactive incident response framework, continuous vulnerability monitoring, and a commitment to responsible disclosure, we deliver a security-first foundation that today’s organizations can trust—and tomorrow’s challenges can’t break.
Scale Computing’s Security Philosophy
At Scale Computing, security is not an afterthought—it is a core design principle embedded into every layer of SC//Platform. Our approach is deliberate and multi-faceted. Security at Scale Computing is proactive, intentional, and foundational, providing our partners and customers with a secure infrastructure they can trust.
Zero Trust, Simplicity, and Automation
SC//Platform is built around a "trust nothing, verify everything" philosophy. We minimize complexity and automate operational processes, significantly reducing potential attack surfaces and human error.
Full Ownership
We maintain complete ownership and control over the design, source code, and software updates of our platform. By eliminating third-party dependencies, we provide a secure, cohesive environment free from external vulnerabilities.
Proactive Security Posture
Our engineering and product teams actively monitor emerging threats, CVEs, and industry trends. This vigilance allows us to respond rapidly and deliver security updates before risks can impact customer environments.
Inherent Security By Design
SC//Platform was designed to provide highly available and scalable compute and storage services while maintaining operational simplicity through highly intelligent software automation and architecture simplification.
We tightly control, review, and maintain all third-party and open-source software used within Scale Computing HyperCore; common vulnerabilities and exposures (CVEs) are monitored and patched as needed at the source-code level by our employees (with no dependencies on outside third parties); and no root or privileged access is granted to end-users or other outside representatives.
We have complete ownership and control over SC//Platform’s design, the components included, and the updates to our products. Trusted Scale Computing engineers manage all software, not unreliable third-party entities or outsourced engineering teams. No root or privileged access is available to general users or outside vendors, and no unnecessary ports or protocols are open.
Supply Chain and Trusted Software Development
We have purpose-built our engineering and development team the same way that we have purpose-built our product. While we do leverage a carefully curated set of open-source packages, all software we develop is developed in-house by full-time Scale Computing employees.
Trusted Software
Scale Computing HyperCore™ is the foundation of SC//Platform™. It is the hypervisor for Scale Computing clusters and bundles a variety of adapted open-source and proprietary, intelligent software to create a simplified operating system. Custom-built utilizing KVM architecture to integrate with the Scale Computing Reliable Independent Block Engine™ (SCRIBE) storage layer directly, SC//HyperCore™ makes virtualization and software automation look easy—and it is.
The software self-monitors and self-heals in almost all scenarios.
We utilize a unique development and testing process at Scale Computing, combining common Scrum and Kanban processes as necessary to work with and maintain multiple branches of code for current and new releases in development. With this method, the development and product teams can release software updates to SC//Platform using the procedures described below, ensuring that all functionality and security are considered with each release.
All customer-facing software updates and patches are cryptographically signed by Scale Computing to ensure authenticity and integrity. Our CI/CD pipelines are designed with strict security controls to prevent unauthorized access and tampering, supporting a trusted supply chain model for all software updates and patches.
Automated Tests
The quality assurance team and automated testing process are fundamental to ensuring product stability and security while maintaining a focused development team. There are hundreds of thousands of system and unit tests performed each week —all of which are under constant observation, review, and improvement to ensure a premier product in all aspects of security, stability, and performance.
We perform a specific set of automated and manual security tests with every release of every product we ship, including port scans, targeted security scans, and penetration tests.
We also conduct regular external penetration tests on Scale Computing Fleet Manager™ and on our public servers that support SC//HyperCore remote support and software updates. These independent security assessments are performed by specialized third parties to validate our defenses, identify any emerging risks, and ensure our systems remain resilient against evolving threats.
Platform-Level Security Features
The term hyperconvergence means different things to different people. In the broadest sense, it means combining core infrastructure components such as compute, storage, and networking in an easy-to-manage system.
At Scale Computing, hyperconvergence means that we own and manage the stack at all levels. We understand that we are your infrastructure, and we take great care to ensure we are aware of the impact that changes to the product can have anywhere in the stack.
Minimizing the number of packages installed on an SC//HyperCore cluster limits the attack surface. And the packages used are monitored for CVEs and updated in a timely manner.
Scale Computing Fleet Manager Cloud Security
Scale Computing Fleet Manager assists with the management of clusters using cluster-initiated (outbound) 2-way SSL communication via port 443 (ssl and mqtt) to api.scalecomputing.com and broker.scalecomputing.com. Data is only accessible to customer-authorized SC//Fleet Manager users and designated Scale Computing Support personnel. SC//Fleet Manager communication is not required for SC//HyperCore to fully function and take self-corrective action, and access to SC//HyperCore cannot be granted via SC//Fleet Manager.
Access to SC//Fleet Manager is restricted to authenticated role-based user accounts. Authentication is handled by Google’s Firebase, which stores passwords securely so that even Scale Computing cannot access them. This also enables easy authentication via Google SSO or Microsoft Azure AD for enhanced security.
SC//Fleet Manager’s Role-Based Access Control (RBAC) restricts user accounts to performing specific tasks and actions. For example, certain accounts can be “Cluster Viewer” allowing view/monitoring access to the organization’s clusters only, with no ability to add new clusters or update the firmware.
SC//Fleet Manager is securely hosted on fault-tolerant infrastructure with a major USA data center provider. Data is securely backed up in case of the need for quick disaster recovery with little to no data loss. Access to this infrastructure and the data is limited to a handful of our trained and authorized employees and is always treated in accordance with the strict standards of our privacy policy (never shared, never sold).
Incident Response and Rapid Patch Deployment
Our agile development environment and software interoperability open communication channels between the product, support, and engineering teams to create an innovative, trusted, and secure system that can actively benefit from customer feedback and respond quickly and easily to security needs.
When a security exploit is found, your data protection comes first at Scale Computing. As we are not dependent on third-party companies or vendors to create or test patches to ensure functionality, we can build and release a security patch to address core concerns when needed while still ensuring full-stack stability and compatibility in the process.
We constantly monitor upstream packages for vulnerabilities and deliver security patches as part of weekly releases of SC//Fleet Manager and monthly releases of SC//HyperCore.
Scale Computing follows a formalized internal Incident Response Plan (IRP) protocol that includes identification, containment, remediation, and communication steps for any detected vulnerabilities or incidents. All software patches and updates are securely built and delivered through verified processes to ensure integrity, authenticity, and rapid deployment across environments.
Scale Computing actively monitors all components of SC//Platform for security vulnerabilities. In the event of a critical vulnerability or zero-day exploit, our internal security and engineering teams immediately assess, patch, validate, and release updates. Customers receive actionable guidance, and rolling updates ensure security patches can be applied non-disruptively.
Customer-Controlled Support Access
To provide near real-time support for customers on SC//Platform, the ScaleCare Support team members will sometimes provide a code and ask for a “tunnel” to be opened for support access to provide remote support.
A system administrator can grant ScaleCare Support access to SC//HyperCore using the provided code; ScaleCare Support cannot initiate a connection to SC//HyperCore. This outbound-only connection can be revoked at any time from the web interface.
ScaleCare Support does not have direct access to any customer VM data once a connection has been established. As there is no file system to navigate, data is stored in RAW virtual disk images with storage blocks distributed across the cluster. ScaleCare Support will only be able to monitor the self-healing functions of the cluster and manage other system services with your approval.
Compliance-Ready Foundation1
SC//Platform is designed to enable organizations to meet stringent security and compliance requirements across industries such as healthcare, retail, financial services, and government. The platform aligns with the principles and best practices of commonly recognized security and privacy frameworks, including HIPAA, PCI-DSS, and GDPR.
Customer Control of Data and Access
SC//Platform is architected to ensure you maintain full control over your data, systems, and access policies. No root or privileged access is granted to external parties, and you can implement your preferred encryption, authentication, and access controls to meet specific compliance mandates.
Security and Audit Capabilities
Built-in security features such as role-based access control (RBAC), detailed system logging, secure update processes, and strong network isolation support you in meeting regulatory and internal audit requirements. SC//Platform's operational transparency and proactive monitoring tools enable organizations to generate the evidence needed to demonstrate compliance readiness during audits.
By simplifying the underlying infrastructure while preserving your autonomy and security, SC//Platform provides a strong, compliance-ready foundation to support current and future regulatory obligations.
SOC 2 and ISO/IEC 27001 Compliance: Safeguarding Data with Confidence
Scale Computing aligns its information security practices with ISO/IEC 27001 and SOC 2 frameworks to support enterprise-grade governance and risk management across SC//Platform. ISO/IEC 27001 serves as the foundation for our internal ISMS, guiding the implementation of technical controls, vulnerability management, and continuous risk assessment procedures across our systems and operations. In parallel, our adherence to SOC 2 trust principles—specifically Security, Availability, and Confidentiality—ensures rigorous access controls, audit logging, incident response processes, and infrastructure resilience that meet the requirements of both internal auditors and external regulators.
For more details, you can request a copy of our reports by contacting us.
1 Data Compliance Regulations: Various markets and sectors require different compliance regulations. Scale Computing does not access personal information about our customers’ end-users, and therefore is not subject to sectoral laws that may govern that information, such as HIPAA or GLBA. However, Scale Computing takes security seriously and makes every effort to meet industry security standards. Always review your required compliance rules to ensure you meet or exceed the terms.
Shared Responsibility Model
Security in a modern IT environment is a shared responsibility between Scale Computing and our customers. SC//Platform is engineered with secure foundations, but you must implement sound operational security practices within your environments:
| Scale Computing | Partners/Customers |
|---|---|
|
|
By working together, we can create highly secure, resilient environments that protect critical applications and data.
Vulnerability Reporting Policy
Scale Computing welcomes responsible vulnerability disclosures from external researchers, customers, and partners. We are committed to evaluating and addressing disclosed security issues promptly and transparently.
Those discovering potential vulnerabilities are encouraged to report them through Scale Computing’s official support channels. Our internal security team investigates all reported findings, prioritizes remediation based on severity and impact, and communicates appropriately with affected parties if necessary.
Security in Summary
SC//Platform has always focused on security, from the first concepts to the latest designs. SC//HyperCore and SC//Fleet Manager development are kept in-house by full-time Scale employees. Every aspect of SC//HyperCore: the custom SCRIBE storage management layer, the proven hardware, a field-tested and enterprise-capable hypervisor, automated testing, encrypted connections, password-protected and encrypted replication, and more, combine to create a secure and contained solution with inherent security and control. Any open-source packages deployed as part of Scale Computing software are tightly controlled.
The tight-knit, highly skilled, and dedicated teams of engineers, product experts, and developers research, review, and refine all aspects of SC//Platform to ensure it meets the high standards we require for security, system stability, and management simplicity. Every decision is made with these core tenets in mind.
We understand the importance of security foresight, preparation, and responsiveness in the shifting security landscape. As often as laws and regulations change and as quickly as vulnerabilities can appear within an organization, SC//Platform and the team are ready to ensure your peace of mind.