Updated on: July 12th, 2020
- Data accountability
- Client and end point security
- Identity and access management
- Data management
- Managing data to other parties
- Incident management
- Awareness and training
- Policy and compliance
- Data security
- Business continuity
- Network controls
- Host infrastructure
- Physical security
We have put together this guide to help you understand what Zoho does to keep your account safe, what you can do to secure your data, and how we can work together to achieve a safe cloud environment.
Let's look at how you are responsible for protecting your data in the cloud and the security of your devices.
You are responsible for:
- The data you share and receive over the cloud. You decide whom you share it with, the period, and the means of sharing.
- Ensuring the privacy of data you handle using Zoho services, so that you do not accidentally or willingly make any private content publicly available.
- Maintaining the accuracy of the data that you process in your system.
- Ensuring that your Zoho service account is not used by you or others on your behalf for spamming or illegal activities, and that Zoho's services are used only for their intended purposes.
You are responsible for creating a strong password and safeguarding it when you use it to log in and access the cloud.
Client and end-point security
- The compromise of one of your endpoints (whether your laptop, desktop, or smartphone) will render all other controls ineffective.
- You are responsible for your end-point security and are expected to keep your browser services, mobile OS, and mobile applications updated to the latest version and patched against vulnerabilities.
We are responsible for the protection 'of' the cloud and related controls that run all Zoho services.
- We are responsible for the isolation of your data stored with us. Each customer's service data is logically separated from other customers' data using a set of secure protocols in the framework.
- We are responsible for the confidentiality of your data stored with us at rest, in transmission, and during processing.
- We are responsible for the integrity of both your data and system data such as logs and configuration data.
- We are responsible for traceability and control of your data, such that at any given time, the physical location and processing of data can be known.
- We are responsible for ensuring that our services are available as per our uptime SLA of 99.9% by handling hardware/software failures and threats like denial of service attacks.
- As a customer, you can visit status.zoho.com at any time to view the current site status, as well as past disruptions.
- We are responsible for having a business continuity plan in place for our major operations such as support and infrastructure management.
- We will ensure that the application data stored on resilient storage is replicated across data centers. Data in the primary DC is replicated in the secondary in near real-time, and we can switch to the secondary in case of any disaster.
We are responsible for operating a secure production network. We use firewalls to protect our network from unauthorized access and undesirable traffic. Access to production networks is strictly controlled.
We are responsible for protecting and securing the host infrastructure. All servers provisioned in the production network are hardened according to the standards. OS patch management, baseline configuration, and host intrusion detection technologies are adopted to maintain a secure infrastructure.
We are responsible for ensuring that our infrastructure is protected from unauthorized physical access, intrusion, and disasters.
The shared responsibility model for cloud security provides clarity on security expectations for cloud users and cloud service providers. However, an understanding of the expectation is just the first step. Users must take action on these responsibilities by creating policies and procedures for their portion of cloud security. Zoho will continue to work hard to keep your data secure—like we always have—and will strive to work towards a secure cloud environment.
For any further queries on this topic, feel free to contact us at email@example.com