
GDPR Compliance Responsibilities on Blacknight Products April 2018

GDPR is due to come into force on May 25th 2018. It sets out the security and privacy controls required when handling Personally Identifiable Information (PII). This document attempts to clarify the responsibilities of both Blacknight and the customer for the various platform services that Blacknight provides. Blacknight offer domain registrations, shared hosting, cloud servers, dedicated and co-located servers, hosted mail (Q-mail, Hosted Exchange) and Office 365 platforms for customers to host their data with us. Each platform type is different, and whilst we control the platform, we do not have visibility of a customer's data and are therefore not always considered to be a data controller under GDPR. As this document sets out, Blacknight have full responsibility for managing the security and integrity of the platform, share responsibility for data protection in some cases, and in other areas the customer is completely responsible as the data controller.

Domain Registrations

Blacknight register domains on behalf of their customers with various registries or registry resellers (registrars). The data collected by Blacknight is a requirement of the registration process, and some of it is used to populate the WHOIS database, which provides transparency of domain registration globally. Most of this is publicly available information and can be retrieved via a WHOIS query. Blacknight do not control this data; its collection is a requirement under ICANN (Internet Corporation for Assigned Names and Numbers) contractual obligations or the specific policies and contractual requirements imposed by the domain registries.**

** This is currently under review with ICANN.

Shared Hosting

Blacknight provide a range of Shared Hosting services, which allow a customer to provision a website, store database information and host their email accounts on shared servers (servers that share resources with other customers). The responsibility for securing the data is therefore shared between Blacknight and the customer. Blacknight are responsible for securing the shared hosting infrastructure (the underlying hardware and operating systems) supporting the platform, whilst the content, passwords, access to the data, etc. are the responsibility of the customer. In addition, the customer is responsible for their own backups and for securing their CMS applications by keeping them up to date.

Office 365 and Hosted Exchange

Office 365 is Microsoft's online cloud platform mail service, which Blacknight resell through our control panel. We only manage the Office 365 accounts via our control panel integration on behalf of Microsoft. The email data is hosted in data centres situated within the EU. Office 365 offers features to protect customer data, such as Lockbox, threat management and data loss prevention, on specific versions to enhance security and data protection. Hosted Exchange accounts on the Odin platform are managed by the control panel admin (the customer), whilst the mailboxes are stored on Blacknight servers within Ireland.

SSL Certificates

Blacknight are authorised resellers of SSL certificates, and we collect PII (name, email address, CRO number, etc.) pertaining to the certificate in order to provide the SSL provider with the information necessary to validate the registrant. Where our support team have been requested to assist with the installation of an SSL certificate, we store any generated CSR (certificate signing request) or private keys in an encrypted database.

BaseKit sitebuilder

BaseKit is a third-party site-builder platform, which is available through the Blacknight control panel. It is a cloud-based product hosted by BaseKit themselves, managed in a similar way to how Office 365 accounts are managed via our control panel integration. The data is stored on BaseKit servers, not on Blacknight servers. The account details are maintained in the Blacknight control panel database, and a reference ID together with the domain name is sent to BaseKit.

Cloud Server Virtual Machines

NIST (the National Institute of Standards and Technology) defines three primary cloud service delivery models: infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). Blacknight cloud services can be categorised as either PaaS or IaaS depending on the solution. Blacknight are responsible for maintaining the security of the hypervisor infrastructure, the cloud control panel, infrastructure backups, etc., whilst the customer is responsible for the virtual machine (VM) content and for backing up, securing and classifying that content. Physical security of the data is the one responsibility that is wholly owned by the cloud service provider in all cloud-computing models. With an IaaS service model, for capabilities such as virtual machines, storage and networking, it is the customer's responsibility to configure and protect the data that is stored and transmitted. When using an IaaS-based solution, data classification must be considered by the customer at all layers of the solution.

The remaining responsibilities are shared between customers and cloud service providers. Some scenarios require Blacknight and the customer to manage and administer the responsibility together (e.g. in a managed services scenario, Blacknight are responsible for patching and maintaining the operating system, whereas the customer is responsible for the configuration of the operating system and its baseline security). In this scenario, the customer is accountable for ensuring their solution and its data are securely identified, labelled and correctly classified to meet any compliance obligations.

Network control includes the configuration, management and securing of network elements such as virtual networking, load balancing, DNS and gateways. These controls provide a means for services to communicate and interoperate. This is Blacknight's responsibility, as it is outside the control of the customer. In an IaaS solution, the customer shares responsibility with the service provider to deploy, manage, secure and configure the networking solutions to be implemented (e.g. iptables or Microsoft Windows firewall rules).

Dedicated Servers

Similar to the cloud services, Blacknight provide dedicated servers for configuration by the customer. The customer leases and has full control of the server, and can if necessary remove all access from Blacknight staff. In this instance, the customer has full responsibility for the data and content, whilst Blacknight are responsible for securing physical access to the servers and, where applicable, ensuring external firewalls are managed securely.

Managed dedicated servers

In order to manage the server, Blacknight require access to it via an SSH key or admin password. In this instance, Blacknight have a responsibility to ensure there is no unauthorised access outside of the Blacknight engineering team, and that access is recorded and/or consent is sought prior to access.

Managed private cloud

Similar to managed dedicated servers, a managed private cloud requires access to the servers which host the virtual machines (VMs), and in some cases to the VMs themselves. Responsibility for the security and classification of data on the VMs lies with the customer, and Blacknight are responsible for ensuring that access to either the VMs or the host hypervisors is restricted to authorised personnel.

Co-located Servers

The customer is fully responsible for the configuration, patching and security of any co-located equipment hosted with us. Blacknight are solely responsible for ensuring the service level agreements are met in relation to power and connectivity. Blacknight do not have access to this equipment other than physical access to the rack. Blacknight's sole responsibility in relation to GDPR, therefore, is to ensure physical access to the server is restricted to authorised personnel.

Backup services (Acronis / CDP)

The customer is responsible for ensuring the security of any passwords and URLs provided for access to the backup portals. Blacknight are responsible for implementing operational controls so that access to the backup servers and data is restricted to authorised personnel.

Data Control Overview

Platforms (columns): Domains; Shared Hosting; Cloud; Dedicated & Colo; Online Backup; Managed Servers / Firewalls; Office 365; Hosted Email.

Control areas (rows): Data Classification; End-Point Protection; Identity & Access Management; Application Level Control; Network Controls; Host Infrastructure; Physical Security.

Legend: Blacknight; Customer; Shared; Microsoft.

(The responsible party for each platform/control-area cell is shown by colour in the original table and is not recoverable from this text.)