Shared Responsibility Model
Responsibility for network security is a shared commitment between NexGen Cloud and the customer. NexGen Cloud is responsible for protecting the infrastructure that runs all of the services offered by Infrahub and Hyperstack. This infrastructure is composed of the hardware, software, networking, and physical facilities that run NexGen Cloud services. Customers are responsible for the client operating system, application software, internal user access, and configuring NexGen Cloud-provided firewall rules, which are secure by default and don't allow external communication with your virtual machines.
Division of responsibility for cloud environments
NexGen Cloud's responsibilities
- Apply secure software development practices to the development of all NexGen Cloud services, including regular audits of source code, thorough reviews for potential vulnerabilities and patch development, consistent updates of dependencies, and adherence to a strict process for building, signing, and releasing software.
- Ensure our software stack (hosts, cloud backend, and Infrahub/Hyperstack platform) is regularly updated with the latest security patches and updates.
- Provide secure access to our services through the implementation of multi-factor authentication (Authentik).
- Protect the security of customer data.
Customer's responsibilities
- Update your software stack, including the operating system running on your virtual machines, regularly with the latest security patches and updates.
- Configure security features, including firewall rules for limiting network access, and manage user permissions through Role-Based Access Control (RBAC) to control access to your resources.
- Manage your data, including backup and encryption; it's important to note that responsibilities vary based on the resources you use.
- Comply with relevant laws and regulations for your organization and workload.
- Provide bug reports or logs during support requests for troubleshooting.
- Secure your login and resource access by using strong passwords and following best practices for the security of API and SSH keys.
Shared responsibility in virtual machines
NexGen’s responsibilities
- NexGen is responsible for:
  - The security of the infrastructure, including the physical data centers housing the virtual machines and their hardware.
  - Hypervisor software for VM creation and management.
- If you have an Extended Support Contract with NexGen, we will take responsibility for:
  - The maintenance of the guest operating system on your virtual machines.
  - The binaries and libraries required for the functionality of your applications.
Customer responsibilities
- The customer is responsible for:
  - The security and maintenance of the operating system running on their virtual machines.
  - The binaries and libraries required for the functionality of your applications.
  - The security of the applications running on your virtual machines.
Shared responsibility matrix
Shared responsibility across components
NexGen Cloud primarily offers our customers Infrastructure-as-a-Service (IaaS) cloud resources. The table below outlines the division of responsibility for different components between NexGen Cloud and our customers:
Element | Responsible party |
---|---|
Information and data | Customer |
Devices (Mobile and PC) | Customer |
Accounts and identities | Customer |
Identity and directory infrastructure | Shared |
Applications | Shared |
Network controls | Shared |
Operating system | NexGen Cloud |
Physical servers | NexGen Cloud |
Physical network | NexGen Cloud |
Physical datacenter | NexGen Cloud |
For the resources that customers are responsible for, NexGen Cloud can provide support and offer technical guidance on best practices for their management.