Shared Responsibility Model
Overview
Security and compliance in the cloud are a shared responsibility between Exoscale and its customers.
While Exoscale ensures the security of the cloud—the infrastructure, platform services, and managed components—customers are responsible for the security in the cloud, meaning how they configure, deploy, and manage their own environments and data.
The objective of this model is to provide clarity about which party is accountable for which controls, ensuring that all security and compliance requirements are properly addressed.
This model applies to:
- IaaS services (Compute, Object Storage, Private Networks, etc.)
- DBaaS services (managed PostgreSQL, MySQL, Kafka, Valkey, etc.)
1. Responsibility Split
Exoscale Responsibilities
Exoscale is responsible for securing and maintaining the underlying infrastructure, including:
- Physical security of data centers and network infrastructure
- Virtualization and orchestration layers used to provision resources
- Platform-level identity and access management, including console and API access
- Core service availability, redundancy, and disaster recovery
- Encryption of data at rest in managed layers (e.g., Object Storage, DBaaS volumes)
- Vulnerability management and patching of the platform and managed services
- Monitoring and logging of the platform environment for operational and security events
- Regulatory compliance of the infrastructure (ISO 27001, SOC 2, C5, HDS, etc.)
Customer Responsibilities
Customers are responsible for securing and managing the resources they control, such as:
- Configuration and operation of virtual machines, containers, and applications
- Classification, protection, and lawful processing of their data
- Implementation of encryption within applications and databases (including field-level or client-side)
- Network design and access controls within their Virtual Private Networks.
- User and role management within their tenant and workloads
- Logging and monitoring of their applications, guest OS, and user activities
- Backup and restoration of their data (IaaS)
- Compliance with applicable legal and regulatory requirements, such as GDPR or sector-specific laws
2. Managed Service (DBaaS) Context
For managed services like Exoscale DBaaS, Exoscale operates part of the service in partnership with Aiven, an ISO 27001-certified provider.
Exoscale and Aiven are jointly responsible for the security of the managed service platform, while customers remain responsible for how they use the service—including schema design, data protection, and access control within their databases.
All DBaaS instances are hosted within Exoscale infrastructure and within the EEA or Switzerland, in line with Exoscale’s data residency commitments.
3. Shared Responsibility Matrix (SRM)
The following matrix summarizes the division of responsibilities across control domains for both IaaS and DBaaS (PaaS) environments.
| Control Domain | IaaS (Customer) | IaaS (Exoscale) | PaaS/DBaaS (Customer) | PaaS/DBaaS (Exoscale/Aiven) |
|---|---|---|---|---|
| Data classification & app-layer access | Customer | – | Customer | – |
| Encryption in transit | Customer (workloads) | Exoscale (platform) | Customer (client→service) | Exoscale/Aiven (service endpoints) |
| Encryption at rest | Customer (VM guest/app layer; CMKs where supported) | Exoscale (object storage layer only) | Customer (app schema/field-level) | Exoscale/Aiven (volumes and backup) |
| Key management | Customer (CMK/HYOK where available) | Exoscale (platform keys, object storage encryption key) | Customer | Aiven/Exoscale (service keys; CMK options per service) |
| IAM within tenant | Customer | – | Customer | – |
| Platform IAM, SSO for console/API | – | Exoscale | – | Exoscale |
| Network security (PrivNet, SGs, WAF in-tenant) | Customer | – | Customer | – |
| Perimeter/DC physical security | – | Exoscale/Providers | – | Exoscale/Providers |
| Vulnerability mgmt (guest/containers) | Customer | – | Customer | – |
| Vulnerability mgmt (platform/services) | – | Exoscale | – | Exoscale/Aiven |
| Logging/monitoring (tenant workloads) | Customer | – | Customer | – |
| Platform/service logs & monitoring | – | Exoscale | – | Exoscale/Aiven |
| Backup/restore (tenant data) | Customer (IaaS) | – | Customer config | Exoscale/Aiven (managed backup per service) |
| BC/DR objectives (platform) | – | Exoscale | – | Exoscale/Aiven |
4. Practical Implications
- Customers retain full control of their hosted data and workloads.
- Exoscale provides the secure, compliant infrastructure and ensures operational resilience of the underlying platform.
- In regulated contexts (e.g. healthcare, financial services), customers can use this matrix to demonstrate their shared compliance posture.
- The model supports frameworks such as ISO 27001, HDS, SOC 2, C5, and NIS2 by clarifying which controls fall within each party’s domain.
5. Further Information
- Compliance Center: access ISO, SOC 2, and C5 reports under NDA
- Data Processing Agreement (DPA): defines audit rights and subcontracting conditions
- Contact: security@exoscale.com