Shared Security Responsibility Model
The Shared Security Responsibility Model is a framework embraced by many cloud service providers such as Amazon AWS, Slack, Google, and Microsoft, to describe the specific security responsibilities assigned to both the customer and the cloud provider.
Within this framework:
- JFrog is responsible for the security of the cloud itself.
- The Customer responsible for the security within their cloud platform and for aligning with their organization’s information security standards.
JFrog’s Responsibility: Security of the Cloud
JFrog is responsible for the security of the infrastructure that underlies all JFrog Cloud services. In addition, JFrog is responsible to provide features you can use to secure the data that you host in the JFrog Cloud.
Your Responsibility: Security in the Cloud
JFrog SaaS/Cloud customers are responsible for the policy, information and user accounts hosted in the cloud. For example, setting the right users’ permissions, avoid using anonymous access, enforcing multi-factor authentication, remove unnecessary users, use an access control (e.g. IP whitelist), and reviewing activity log for abnormal activity.