Shared Responsibility Model

Overview

Security and Compliance is a shared responsibility between Network EQ and the customer. This shared model can help relieve the customer's operational burden, as Network EQ operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches) and other associated application software. Customers should carefully consider the services they choose, as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment.

Network EQ responsibility

Network EQ is responsible for protecting the infrastructure that runs all of the services offered by Network EQ. This infrastructure is composed of the hardware, software, networking, and facilities that run Network EQ services.

Customer responsibility

Customer responsibility will be determined by the services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, un-managed services require the customer to perform all of the necessary security configuration and management tasks: they are responsible for management of the guest operating system (including updates and security patches) and any application software or utilities installed by the customer on the instances.

IT controls

This shared responsibility model also extends to IT controls. Just as the responsibility to operate the IT environment is shared between Network EQ and its customers, so is the management, operation and verification of IT controls. Network EQ can help relieve the customer burden of operating controls by managing those controls associated with the physical infrastructure deployed in our environment that may previously have been managed by the customer. As every customer is deployed differently, customers can take advantage of shifting management of certain IT controls to Network EQ, which results in a (new) distributed control environment. Below are examples of controls that are managed by Network EQ, Network EQ customers, and/or both.

Inherited Controls

Controls which a customer fully inherits from Network EQ

  • Physical and Environmental controls

Shared Controls

Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, Network EQ provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of Network EQ services. Examples include:

  • Patch Management – Network EQ is responsible for patching and fixing flaws within the infrastructure, but un-managed customers are responsible for patching their guest OS, and all customers are responsible for patching their applications
  • Configuration Management – Network EQ maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications
  • Awareness & Training – Network EQ trains its employees, but a customer must train their own employees