ExpressVPN TrustedServer runs off volatile memory, or RAM, so no data is ever written to the hard drive. Since RAM requires power to store data, TrustedServer can guarantee that all information on a server is wiped every time it is powered off and on again.

In the traditional server setup model used by most companies, the operating system requires read/write permissions to the hard drive in order to run applications. These hard drives retain all data until they are erased and overwritten, increasing the risk that servers could inadvertently contain sensitive user information. If someone were to hack or seize the server, they could gain access to this data. Even worse, attackers who do find their way in might be able to install a backdoor that remains indefinitely.

ExpressVPN TrustedServer technology addresses those security threats by making sure that absolutely nothing—neither information nor intruders—can remain on a server when it is rebooted.

“We never collect any activity or connection logs and engineer our systems to ensure sensitive information never touches the hard drive,” stated Harold Li, vice president at ExpressVPN. “But now with TrustedServer, we’re taking it a step further, by cutting the hard drive out of the picture entirely.”

TrustedServer ensures consistency across ExpressVPN’s VPN server network by always booting from the latest read-only image.

TrustedServer also introduces a key innovation that ensures all ExpressVPN servers are running the same, most up-to-date software and configuration. Each time a server powers up, it loads the latest read-only image containing the entire software stack, operating system and all. The image is cryptographically signed by ExpressVPN, and servers will not operate if that signature is not valid. This groundbreaking approach ensures greater consistency and therefore better security.

“TrustedServer means that we know that each and every one of our 3,000+ servers worldwide loads and runs the same, most up-to-date code each time they start up—with the right patches and configuration for optimum security and performance,” continued Li. “The more software consistency there is across a network, the less likely that there are vulnerabilities or misconfigurations, and the more confident we can be that the software that we audit and test is actually what’s running on all servers.”

With traditional server administration, every incremental update that is applied one by one across thousands of servers is an opportunity for differences among them to arise. The more servers a company has, and the more time passes, the less confident the company can be that every single server is running the exact same code and is configured the same way. As a result, a server that was set up years ago might be running software in an unexpected way that’s dangerously different from what the company’s engineers are testing or auditing today.

TrustedServer means that we know exactly what’s running on each and every ExpressVPN server—minimizing the risk of vulnerabilities or misconfiguration. With the operating system effectively reinstalled with every single reboot, TrustedServer dramatically reduces security risks.
