Shared Responsibility Model

As the customer (referred to as “you”, “your”, “Customer”) delves into assessing and appraising public cloud services, it's vital to grasp the shared responsibility model. This model delineates the distinct security responsibilities between you as the user and 42Gears Mobility Systems Pvt. Ltd (including its subsidiaries and affiliates, referred to as “42Gears”, “we”, “us”, “our”) as a cloud service provider (CSP). Understanding this division is pivotal as it directly influences security protocols and management tasks.

The responsibility for data security and privacy when using 42Gears cloud services is a collaborative effort between you and us. We offer a model that provides an overview of our cloud environment's architecture, identified as a Software as a Service (SaaS), and the related responsibilities.

Division of Responsibility

Category: Application functionality
Scenario: The application is not performing as anticipated.
SaaS: 42Gears Responsibility
On-Premise: 42Gears Responsibility

Category: Application vulnerability
Scenario: A newly identified critical vulnerability has been reported in the application; who is responsible for patching the appropriate systems?
SaaS: 42Gears Responsibility
On-Premise: 42Gears Responsibility

Category: Infrastructure vulnerability
Scenario: A new critical vulnerability has been reported in the infrastructure; who is responsible for patching the appropriate systems?
SaaS: 42Gears Responsibility
On-Premise: Customer Responsibility

Category: Access control
Scenario: Provisioning application access to end users.
Shared Responsibility
42Gears: Offer security measures that enable customers to efficiently oversee their user management.
Customer: Ensure the appropriate users have access to the application and corresponding data, and follow the policy of least privilege through regular reviews.

Category: Physical Infrastructure Maintenance
Scenario: Ongoing efforts to sustain and optimize essential systems, ensuring reliability and performance through regular upkeep for a robust operational environment.
SaaS: 42Gears Responsibility
On-Premise: Customer Responsibility

Category: Business continuity
Scenario: Plans and actions to sustain operations during disruptions, aiming to minimize downtime and mitigate potential losses.
SaaS: 42Gears Responsibility
On-Premise: Customer Responsibility

CUSTOMER’S RESPONSIBILITY

  1. Identity and Access Management: Customers hold the ultimate responsibility for safeguarding their data within SureMDM application environments. This means overseeing several critical aspects: controlling application access to restricted users and reviewing the access regularly. When setting up accounts for each user on SureMDM console, make sure each user only has access to the features and data they need.
  2. Integration: By default, SureMDM does not enforce integrations. If you wish to integrate the product with other applications, the responsibility for establishing, managing, and ensuring data interchange rests with you. It's crucial to carefully select third-party services to avoid compromising security. 
  3. Passwords: To fortify security for SureMDM application accounts, users should adhere to several essential practices. Firstly, creating robust passwords is key; these should be unique, combining uppercase and lowercase letters, numbers, and symbols while avoiding personal information and ensuring ample length. Secondly, protecting passwords from unauthorized access is critical, necessitating measures like refraining from sharing them, avoiding written records, and exercising caution when entering passwords on public networks or devices. Lastly, where available, enabling Two-Factor Authentication (2FA) adds an extra security layer. This method demands a secondary verification factor, like a mobile-sent code, bolstering the account's overall security.
    The following are the integrations:

    • CISCO - Identity Services Engine with CISCO
    • NAC (Aruba ClearPass) - integration with Aruba ClearPass ensures network security while business endpoints are accessing the company’s network
    • SIEM - Security Information and Event Management through Splunk
    • SSO - Authentication based on single sign-on
    • Intel AMT - out-of-band management through Intel’s Active Management Technology (AMT) system, for devices built on the Intel vPro® platform
    • Things - Framework to manage connected devices and their accessories or peripherals
    • ServiceNow - capturing notifications for specific device-related events in real-time on the Webhook URL
    • Webhooks - capturing of notifications for specific device-related events in real-time on the Webhook URL
    • Office 365 - SureMDM offers Office 365 integration, which helps admins to configure and deploy restriction policies (Data loss prevention features)
    • AD integration - Users and Groups can be created in the AD and synced with SureMDM
    • SCEP - Simple Certificate Enrollment Protocol through SureMDM
    • MEM - Control mobile device email through Mobile Email Management
    • Zebra Lifeguard - Zebra LifeGuard OTA (Over-The-Air) allows you to manage and restrict firmware updates on Zebra devices
    • Samsung E-Fota - Samsung Enterprise FOTA (Firmware Over-The-Air) allows you to manage and restrict firmware updates on Samsung devices
  4. Data Accountability: The responsibility lies with you to guarantee that user access to the application is regulated by your organization's policy, adheres to the principle of least privilege, and secures the data included in the Software as a Service (SaaS) offering.

The data you disseminate and receive via the cloud is your responsibility. You control who has access to it, for how long, and by what methods it is shared. Safeguarding the privacy of data you manage through 42Gears services is crucial to avoid unintended or intentional public disclosure of any private content.

Accuracy in processing data within your system is paramount. Ensure the precision of information throughout its lifecycle. It's important to make sure your 42Gears service account is not misused by you or anyone on your behalf for spamming or illicit activities, and that 42Gears' services are used strictly for their designated purposes.

CSP’s RESPONSIBILITY

At 42Gears, we are unwaveringly committed to ensuring the security, privacy, and availability of our products, systems, and data. This steadfast dedication empowers us to consistently provide our users with trusted experiences, day in and day out.

For detailed insights into our commitment and practices, we encourage you to explore our Trust Center.

Our top priority is safeguarding your data and upholding your privacy rights. Our Privacy Policy comprehensively outlines various aspects, including the types of information collected, the legal basis for data collection, how we utilize this information, our sharing protocols, and our approach to managing the content you input into our products and services.

SHARED RESPONSIBILITIES

  1. Data Management: Data management involves the comprehensive handling of data from collection to protection. Within SaaS applications, this responsibility is shared between providers and customers. Providers manage infrastructure, ensuring data integrity, access controls, and compliance with regulations. Customers classify their data by sensitivity, ensuring proper protection. They responsibly use data as per service terms and privacy agreements, fostering a collaborative approach to effective data management within SureMDM environments.
  2. Incident Management: Incident management in SureMDM applications is a joint responsibility shared between us and customers. We will handle incident detection, investigation, response, and post-incident analysis, using security tools and response plans to contain and learn from incidents. Customers are responsible for reporting suspicious activity, cooperating in investigations, implementing recommended measures, and reviewing internal security protocols. This collaborative approach ensures swift incident response, with providers monitoring and responding to threats while customers assist and enhance their security measures, safeguarding operations and data integrity.
  3. Awareness and Training: Cybersecurity awareness is a joint responsibility shared between 42Gears and customers. While providers secure application infrastructure, educating users is vital. The customers must enforce security policies, conduct regular awareness sessions, and provide ongoing training. This shared commitment fosters a cybersecurity culture, minimizing errors, bolstering defenses, and safeguarding valuable application data.
  4. Policy and Compliance: Policy and compliance play an integral role in the shared responsibility model. 42Gears maintains and adds (if required) security policies aligned with industry standards and best practices, conducts regular security audits, adheres to applicable data privacy laws, and provides transparency regarding its security practices. Customers, on the other hand, must develop and enforce internal security policies, train employees, implement access controls, monitor cloud usage, and comply with relevant data privacy regulations.

CONCLUSION

Through collaboration and adherence to clear policies and compliance requirements, we as a CSP and Customers can foster a secure and compliant cloud environment that safeguards sensitive data and adheres to regulatory standards. We have a comprehensive security risk management program in place and have effectively implemented the controls detailed in our CSA STAR response.

For more information, please write to us or contact us at security@42gears.com.


Release Date: 24-05-2024
Version: 1.0