Shared Responsibility Model
When an organization runs its own on-premises data centers, control over security is straightforward: it falls solely on the shoulders of that organization. The organization is responsible for maintaining the CIA Triad of Confidentiality, Integrity and Availability of its systems, as well as the data stored within them.
In a hybrid or cloud environment, the responsibility for maintaining the CIA Triad is shared with a cloud service provider (CSP), such as SmartFile, under a Shared Responsibility Model.
In simplest terms, a Shared Responsibility Model means that CSPs are responsible for operating the security controls of the cloud, and customers are responsible for securing the data they put in the cloud using the provided tools.
CIA Triad protection only works when the security controls are tailored to fit the individual needs of an organization.
SmartFile Responsibility
SmartFile is responsible for protecting the underlying infrastructure (hardware, software, networking and facilities) upon which the cloud platform operates.
SmartFile is also responsible for the availability and functionality of the world-class security controls customers may choose to utilize.
Customer Responsibility
Customers are responsible for utilizing the provided security controls to configure their SmartFile account to meet the unique requirements of their organization.
Customer responsibilities include:
File contents stored on the SmartFile platform
Initiating file transfers in/out of SmartFile using the appropriate encryption options
User account provisioning
User account deprovisioning
SSO/LDAP Integration settings
Permissions
File storage locations
File expiration/deletion settings
SSL Settings
IP Whitelisting/country restrictions
Encryption options
User awareness and training
Automations configuration
Public Hosting configuration
Share Links settings
SmartFile Security Controls
The following is a select list of the security controls that SmartFile provides for customers to meet their unique security needs:
File retention rules
Checksum value via API
Deleted file retention
Custom SSL Certificates
Session expiration
Multiple 2FA methods
2FA required
Password Controls, including Length, Complexity, History, Expiration
Permissions: User, Group, Folder
Multiple SSO/LDAP Integration options
REST API
Account Provisioning, including password setting options, 2FA options, and SSO/LDAP integration options
Account Deprovisioning, including automatic user lockout options, and automatic inactive user deletion options
Please reference the SmartFile Documentation for more detailed information.