Shared Responsibility Model
Responsibility for network security is a shared commitment between NexGen Cloud and the customer. NexGen Cloud is responsible for protecting the infrastructure that runs all of the services offered by Infrahub and Hyperstack. This infrastructure is composed of the hardware, software, networking, and physical facilities that run NexGen Cloud services. Customers are responsible for the client operating system, application software, internal user access, and configuring NexGen Cloud-provided firewall rules, which are secure by default and don't allow external communication with your virtual machines.
In this article
- Division of responsibility for cloud environments
- Shared responsibility in virtual machine and container architecture
- Division of responsibility based on service type
Division of responsibility for cloud environments
NexGen Cloud's responsibilities
- Apply secure software development practices to the development of all NexGen cloud services, including regular audits of source code, thorough reviews for potential vulnerabilities and patch development, consistent updates of dependencies, and adherence to a strict process for building, signing, and releasing software.
- Ensure our software stack (hosts, cloud backend, and Infrahub/Hyperstack platform) is regularly updated with the latest security patches and updates.
- Provide secure access to our services through the implementation of multi-factor authentication (Authentik).
- Protect the security of customer data.
Customer's responsibilities
- Update your software stack, including the operating system running on your virtual machines, regularly with the latest security patches and updates.
- Configure security features, including firewall rules for limiting network access, and manage user permissions through Role-Based Access Control (RBAC) to control access to your resources.
- Manage your data, including backup and encryption; it's important to note that responsibilities vary based on the resources you use.
- Compliance with relevant laws and regulations for your organization and workload.
- Provide bug reports or logs during support requests for troubleshooting.
- Secure your login and resource access by using strong passwords and follow best practices for the security of API and SSH keys.
Shared responsibility in virtual machine and container architecture
Virtual Machines
NexGen’s responsibilities
-
NexGen is responsible for:
- The security of the Infrastructure, including the physical data centers housing the virtual machines and their hardware.
- Hypervisor software for VM creation and management.
-
If you have an Extended Support Contract with NexGen we will take responsibility for:
- The maintenance of the guest operating system on your virtual machines.
- The binaries and libraries required for the functionality of your applications.
Customer responsibilities
- The customer is responsible for:
- The security and maintenance of the operating system running on their virtual machines.
- The binaries and libraries required for the functionality of your applications.
- The security of the applications running on your virtual machines.
Containers
NexGen’s responsibilities
-
NexGen is responsible for:
- Security of the Infrastructure, including the physical data centers and hardware where containerization is implemented.
- The host operating system that containers share.
- Container engine such as Docker that is used to create and manage containers.
- Kubernetes orchestration which manages the deployment, scaling, and operation of application containers.
-
If you have an Extended Support Contract with NexGen we will take responsibility for:
- The binaries and libraries required for the functionality of your applications.
- The applications running in your containers.
Customer responsibilities
- The customer is responsible for:
- The binaries and libraries required for the functionality of your applications.
- The applications running in your containers.
Division of responsibility based on service type
NexGen Cloud offers our customers primarily Infrastructure-as-a-Service (IaaS) cloud resources with some Platform-as-a-Service (PaaS) cloud resources being in the minimum viable product (MVP) stage. The table below outlines the division of responsibility for these service types between NexGen Cloud and our customers:
| Responsibility | PaaS | IaaS | |
|---|---|---|---|
| Responsibility always retained by the customer | Information and data | Customer | Customer |
| Devices (Mobile and PC) | Customer | Customer | |
| Accounts and identities | Customer | Customer | |
| Responsibility varies by type | Identity and directory infrastructure | Shared | Customer |
| Applications | Shared | Customer | |
| Network controls | Shared | Customer | |
| Operating system | NexGen Cloud | Customer | |
| Responsibilities of to NexGen Cloud | Physical servers | NexGen Cloud | NexGen Cloud |
| Physical network | NexGen Cloud | NexGen Cloud | |
| Physical datacenter | NexGen Cloud | NexGen Cloud |
For the resources that customers are responsible for, NexGen Cloud provides support and offers technical guidance on best practices for their management.
Have questions? Connect with our support team. Contact Us