Security is the shared responsibility between E2E and the customer. E2E Cloud operates, manages and controls the components from the host operating system and virtualization layer to the physical security of the facilities in which the service operates.
The customer is responsible for management of the guest operating system (including updates and security patches), other associated application software, as well as configuration of E2E services into their IT environment and applicable laws and regulations.
Security of the cloud
E2E Networks is responsible for protecting the infrastructure that runs all of the services offered in the E2E Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run E2E Cloud services.
Customer responsibility “Security in the Cloud”
For example, a service such as C2 series/ SDC series is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy a C2/ SDC series servers are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances.
For abstracted services, such as E2E Object Storage, E2E Load Balancers and E2E DBaaS, E2E operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data.
Patch Management – E2E Networks is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Configuration Management – E2E Networks maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
Awareness & Training - E2E Networks trains E2E employees, but a customer must train their own employees.
Once a customer understands the E2E Networks Shared Responsibility Model and how it generally applies to operating in the cloud, they must determine how it applies to their use case. Customer responsibility varies based on many factors, including the E2E services and Regions they choose, the integration of those services into their IT environment, and the laws and regulations applicable to their organization and workload.