What is Zoho’s Shared Responsibility Model?
Zoho Creator: Shared Responsibility Model (Simplified & Revamped)
At Zoho Creator, our mission is to provide a secure, reliable, and compliant low-code platform. We adhere to global standards such as ISO, SOC, and HIPAA. But security isn’t a one-way street—it’s a shared responsibility between us and our customers.
What is the Shared Responsibility Model?
It’s a framework that clearly defines what Zoho Creator is responsible for and what responsibilities fall on you, the customer. While we secure the cloud infrastructure and platform, customers must secure their data, application configurations, and user access.

Responsibility Breakdown
Zoho Creator Responsibilities
We handle the core infrastructure and platform:
- Infrastructure & Hosting: Secure hardware, software, servers, OS, and firewall management.
- Physical Security: Protect data centers against unauthorized access and disasters.
- Network Controls: Enforce firewalls and access control to prevent unauthorized access.
- Platform Security: Built-in defenses like OWASP-compliant security to protect against vulnerabilities.
- Business Continuity & Availability: 99.9% uptime SLA with real-time data replication across data centers.
- Vulnerability Management: Regular scanning, patching, and secure code practices.
- Data Isolation & Confidentiality: Logical separation of data, encryption in transit and at rest.
- Traceability: Keep track of where and how your data is stored.
Customer Responsibilities
As a customer, your role includes safeguarding your end of the environment:
- Device & Endpoint Security: Keep systems updated and secure.
- Data Control: Use strong authentication and manage who can access what.
- Password Management: Create and maintain secure passwords.
- Secure App Design: Avoid hardcoded credentials, enable encryption for sensitive fields, validate inputs, and apply strict access permissions.
- Data Management: Control who can see, edit, or export data. Remove unused user accounts and devices.
- Compliance: Know your legal obligations (e.g., GDPR, HIPAA), conduct DPIAs if necessary, and manage user consent for data processing.
Shared Responsibilities
Some areas require collaboration between you and Zoho Creator:
- Application Security Design: You design your app securely; we provide secure tools.
- Encryption: We enforce encryption; you enable and use it properly (e.g., for exports or third-party sync).
- IAM (Identity & Access Management): We provide features; you configure and maintain user roles, permissions, and MFA.
- Backups: We manage cloud backups; you can export and safely store your own copies.
- Logging & Auditing: We log key activities; you must review and act on these logs.
- Data Transfers & Integrations: We vet sub-processors; you must review the third-party services you use.
- Incident Handling: We notify you of relevant breaches; you must report user-side incidents and take appropriate action.
- Training: We train our staff; you educate your users on best security practices.