Shared responsibility model
Last updated
Last updated
Security is a shared responsibility between Denvr Dataworks and the customer. Both parties need to collaborate and understand their respective roles to ensure that all security aspects are handled appropriately.
For example, while Denvr Cloud takes full responsibility for hosting physical infrastructure and ensuring network security, users are responsible for managing client-side encryption, open internet ports, and offsite backup copies of data.
Function | Description |
---|---|
Function | Description |
---|---|
Physical security
Protecting the physical servers, storage, and networking equipment within our data centers.
This includes access controls, monitoring, environmental safeguards, and other measures that ensure the hardware is safe from unauthorized access or damage.
Infrastructure security
The security of the physical infrastructure, which includes the compute, storage, and network resources used to deliver our infrastructure platform.
Security patches and updates for the hardware and hypervisors.
Virtualization and network isolation
We ensure the security of the virtualized environment, including the hypervisors and orchestration tools that manage virtual machines (VMs) and containers.
Network segmentation and isolation between tenants to prevent any risk of unauthorized access between accounts.
Service availability
We ensure that the platform remains available by implementing redundant systems, monitoring, and incident response capabilities.
This includes automatic failover systems and backup mechanisms to protect against hardware failures.
Compliance certifications
Denvr maintains compliance with SOC 2 and GDPR, and others as applicable.
Identity and Access Management
Customers are responsible for managing access to their cloud environment.
This involves creating user accounts, assigning permissions, enabling multi-factor authentication (MFA), and securing shell access to instances.
Application Security
Customers must ensure that the applications they deploy are secure. This includes regular security testing, code reviews, vulnerability scanning, and patch management
Operating System
Keeping operating systems up to date with the latest security patches.
Installing and configuring anti-malware and firewall software.
Managing software dependencies and ensuring third-party libraries or frameworks are secure.
Backup and Disaster Recovery
While we provide infrastructure-level redundancy, customers must ensure their own backup and recovery plans are in place for the data and applications they control.