Shared responsibility model

Shared responsibility for information security

We implement all the required security measures for cloud infrastructure, but reliable protection requires joint efforts. While on-premise infrastructure security is the user’s sole responsibility, in the case of cloud services, this responsibility is shared between the provider and customer depending on a specific service (colocation, IaaS, PaaS, or SaaS).

In case of colocation, K2 Integration (“K2”) is responsible for physical security and the high availability of the colocated equipment.

In the case of IaaS, K2 shall be responsible for physical security and high availability of the platform itself, network protection, and collection and analysis of security events concerning hypervisors and other infrastructure components. On their part, the customer admits the responsibility for backing up virtual machines, securing the virtual network and guest operating systems, and controlling access to their resources.

For managed services (PaaS/SaaS), the provider additionally ensures infrastructure security at higher levels, virtual machine protection, and database backup.

Shared responsibilities for information security depending on service types: