Responsibility for security in BigAnimal is shared between you and EDB. EDB provides a secure platform that enables you to create and maintain secure database clusters deployed on BigAnimal. You have several responsibilities around the security of your clusters and the data they contain. These responsibilities are the same whether you use your cloud or BigAnimal's cloud account as your deployment option except where noted.
The following responsibility model describes the distribution of specific responsibilities between you and EDB.
- You are responsible for choosing whether to enable high availability.
- EDB is responsible for properly configuring and maintaining replication between database nodes.
- If you choose to use asynchronous replication (not recommended), you are responsible for managing replication lag between database nodes.
- EDB is responsible for deploying database nodes across availability zones, where available.
- You are responsible for ensuring your applications reconnect when network connectivity is interrupted.
- EDB is responsible for deploying clusters with the infrastructure you choose and managing and monitoring these infrastructure resources.
- You are responsible for data modeling, query design, and scaling the cluster to meet your performance needs.
- EDB is responsible for deploying, managing, and monitoring the underlying infrastructure supporting your clusters.
- You are responsible for choosing the appropriate configuration for your workload, including instance type, storage, and configuration.
- If you're using your cloud account, you are responsible for managing your cloud resource limits to ensure the underlying infrastructure can be provisioned.
- EDB is responsible for taking backups and archiving transaction logs and storing them in object storage instances.
- You are responsible for the charges associated with the cloud object storage solution. If you're using BigAnimal's cloud account, these charges are passed along to you in your monthly rates.
- You are responsible for periodically restoring and verifying the restores to ensure that archives can meet your recovery time and recovery point objectives.
- EDB is responsible for data encryption at rest for both backups and live data.
- EDB is responsible for data encryption in transit for both intra-cluster traffic and traffic between clusters and backup storage.
- You are responsible for data encryption in transit between your applications and your cluster. BigAnimal clusters support, but don't require,
- You are responsible for application-level encryption to protect particularly sensitive data from unauthorized access by your authorized users and applications.
- EDB is responsible for securely managing your edb_admin credential. The edb_admin credential is never stored in plaintext.
- You are responsible for managing and securing your cluster users and their passwords.