Shared Responsibility Model

The first factor in looking at the shared responsibilities, is the Nextworld products the customer is using. The diagram to the right illustrates who is responsible for what based on the control area and the products used by you, the customer. In general, you are responsible for the information entered or created in your Nextworld environment and who accesses the environment and how. Nextworld is responsible for protecting the information within the cloud infrastructure.

Screenshot 2022 03 09 at 11 13 48
Customer Responsibilities

Controls that are the sole responsibility of the customer.

  • Data flow definition and classification – Data inventory, classification, labeling and retention.
  • Device protection – Antivirus protection, acceptable use policies, mobile device management, remote work policies.
Shared Responsibilities

Controls that Nextworld and the customer have responsibility for depending on the context of the control.

  • Identity and access management – The customer is responsible for account management, role & permission assignment, and multi-factor authentication for users accessing the customer instance. Nextworld is responsible for the security controls for accessing the infrastructure components.
  • Application controls – Nextworld is responsible for the securing the code base, processing integrity within the applications, and change management on the base product. The customer is responsible for configurations made in the applications and processing integrity and change management for applications they develop in the Platform.


Nextworld Responsibilities

Controls that are the responsibility of Nextworld.

  • Infrastructure – Operating systems, runtime services, and database management
  • Network controls – Encryption, load balancing, auto-scaling, geo-location restrictions.
  • Data backup and recovery – Database backups, storage and recovery procedures.
Infrastructure Service Provider

Controls that are the responsibility of the infrastructure service provider.

Physical security – Access and environmental protections of the data centers and hardware. Nextworld leverages world class infrastructure service providers that provide the physical and environmental protections.