Shared Responsibility Model
Security and compliance are a shared responsibility between Artifakt and you.
Traditional IT vs. Artifakt (Platform as a Service)
Artifakt follows the Platform as a Service (PaaS) model. We provide you with a platform in which you and your developers can deploy, run and manage web applications.
The shared responsibility model is pretty simple. Artifakt is responsible for everything related to the underlying infrastructure (the platform) and you are responsible for the data and the source code of your applications.
Artifakt is responsible for managing the platform that will host your web applications.
Artifakt platform relies on cloud providers such as Amazon Web Services. We take care of all the necessary configuration for a stable, secure and efficient platform:
- Roles, identities and access management to the cloud accounts
- Quotas and limits
- Networking – Regions, availability zones, VPCs, Subnets, IP pools
- Security – Open ports, inbound / outbound rules, private services, encryption in transit and at rest
- Traffic management – CDN, firewall rules, certificates renewal, load balancing
- Domain – HTTPS redirection, artifakt.dev domains
For security and liability reasons, we cannot use or integrate an existing cloud account.
Artifakt platform includes volumes to store your data and your code. We are responsible for providing and maintaining these volumes up and running:
- Volume availability and performance (IOPS depending of the storage size)
- Security – Access management between services and encryption at rest
- Data durability and automatic backups
Be careful not to confuse data storage management with data management. For more details, please see the Data Management section below (your responsibility).
Artifakt technology uses compute services to run your web applications. We take care of managing this complexity for you:
- Infrastructure – Select the right cloud services and sizing
- Lifecycle management – Build, update and destroy all platform services
- Security – OS updates, patches and access management between services
- Reliability – High availability and scalability
- Access management – Store infrastructure credentials, SSH and SFTP access management
- Configuration – Apply customer's configuration (such as environment variables).
Artifakt offers default runtimes for popular languages and applications such as Wordpress or Magento. We are responsible for building and maintaining these runtimes and required additional services to run your applications (such as MySQL or Redis):
- Install required packages and librairies
- Start required additional services and apply right sizing
- Configure runtimes and services in accordance with the editors' requirements
- Improve runtimes and release new versions (within 6 months after editors' official releases)
- Keep runtimes available anytime
These runtimes and services are configured to run standard versions of the language or the application. If your application needs customization, you can override default runtime and services configuration but it will become your responsibility, see Specific Configuration below.
As an Artifakt customer, you are responsible for the application and data you will host on our platform, including the specific configuration.
You are responsible for implementing strong security measures in your applications and making sure that your application works perfectly:
- Git – Code and sub-module availability, Git configuration and integration
- Security – Code quality, security patches and code audits
- Errors – Bugs and bad behavior of your application
- Speed – Application performance, page loading time, function execution time
- Logs – Application log storage (remember to purge logs), custom log paths
- Configuration files – Application, database, third-party modules
- Jobs – Build, code deployments, tasks and hooks
- Usage – Resource usage, available disk space and limits (you should monitor applications regularly)
- Traffic – Web server configuration, redirections
Sometimes you will need to override the default configuration and runtime depending on the needs of your application. For example:
- Override the default runtime by modifying packages, libraries and configurations
- Apply different settings to additional services or runtime
- Modify the build and deployment workflow (by changing steps and commands)
If you do, then you take full responsibility for the reliability, security and performance of your application.
You are responsible for any docker image that you use for the "Custom Runtime" option.
You are also responsible for any additionnal configuration you add to the Artifakt-provided images.
Artifakt provides you with volumes to store your data but all of the following remain your responsibility:
- Database parameters and structure of your data (charset, schema, indexes, etc.)
- Data consistency – You are responsible if you remove, add or modify data
- Manual backups – Export, import or synchronize data between environments
- Data access management – Who can access to your data
- Data anonymization
- Persistent and shared directories configuration
- Correct storage sizing, monitoring of remaining free space and IOPS limits
- Performance – Slow queries, cache and time to retrieve and process data
Artifakt will never access your data, at any time and under any circumstances, even if you request it.
You are responsible for all configurations:
- Workspace – Workspace name, Cloud provider, default deployment region
- Project – Deployment region, default runtime and version, association with a Git repository and notification settings
- Environment – Criticality, branch name, platform type, platform sizing and all other settings
- Jobs – Flush cache, code deployments, maintenance mode, rollbacks
You are responsible for properly managing access to your Artifakt account and environments:
- User profile
- Adding and managing members and roles
- SSH keys and SFTP credentials
- IP groups and environment restrictions (by IP or password)
- Custom domain configuration and DNS management
Last modified 1yr ago