Shared security responsibility model

This shared responsibility model helps define ownership and control over assets, processes, and functions between Creatio and Customers. The goal of the model is to assist in understanding roles and responsibilities in securing implementation of your Creatio environment.

Creatio Cloud

 
Customer
Creatio
Creatio Cloud Infrastructure Providers
Additional Statements or Clarifications

INFORMATION AND DATA

Initial Data Import
 
 
 
Data Integrity
 
 
 
Data Quality
 
 
 
Back-up and Restoration
 
 
 
 
Data Encryption at Rest
 
 
 
 
Data Encryption in Transit
 
 
 
 

APPLICATION IDENTITY AND ACCESS MANAGEMENT

User Management (creation, deletion, etc)
 
 
 
Access Management
 
 
 
Password Management Policy
 
 
 
 
Authentication Management (SSO, third-party identity solutions)
 
 
 

APPLICATION LOGIC AND CODE

Application Configuration and Customization
 
 
 
Integrations and API
 
 
 
Application Lifecycle Management (Updates and Upgrades)
 
 
 
 

MONITORING

Application Security Monitoring ( Authentication, Unauthorized access, Data integrity issues, etc.)
 
 
 
Application Performance and Availability
 
 
 
 
Infrastructure Performance and Availability
 
 
 
 
Infrastructure Security Monitoring (Authentication, Unauthorized access issues, etc.)
 
 
 
 

APPLICATION INFRASTRUCTURE MANAGEMENT

Identity and Access Management to application infrastructure
 
 
 
 
Infrastructure lifecycle management (Updates and Security Patches)
 
 
 
 
Infrastructure Security Configuration (OS and components security hardening)
 
 
 
 
Endpoint Protection
 
 
 
 
Virtual machine / server instance management
 
 
 
 

APPLICATION INFRASTRUCTURE NETWORK

Perimeter Network Firewall
 
 
 
 
Network Segmentation/Access Control
 
 
 
 
Intrusion Protection Service
 
 
 
 
DDoS Protection
 
 
 
 

PHYSICAL INFRASTRUCTURE

Virtualization platform / Hardware resources
 
 
 
 
Hardware Server Management and Security
 
 
 
 
Physical Network Management and Security
 
 
 
 
Physical Datacenter Environment
 
 
 
 
Datacenter Physical Security