Aerospike Cloud Shared Responsibility Model
The security, compliance, and operational integrity of Aerospike Cloud is a shared responsibility between the cloud provider (AWS and GCP), Aerospike, and the customer. This model clarifies who is responsible for each aspect of running your database securely and reliably.
Responsibilities overview
| Category | Aerospike Responsibilities | Customer Responsibilities |
|---|---|---|
| Infrastructure Management | Deploys and manages the underlying infrastructure (compute, storage, networking) in the selected public cloud. Applies OS patching, security updates, and hardening to all Aerospike-managed systems. Meets uptime SLAs. | Select the cloud provider, region, and cluster configuration (number of zones, replication factor, storage mode) to best support your application’s availability, resiliency, and latency requirements. Plan database compute and storage capacity to meet your applications performance, scalability, and cost objectives. |
| Network Isolation & Connectivity | Provides secure network connectivity options (e.g., VPC peering, dedicated VPCs). Manages network configuration, including security groups, firewall rules, and TLS for Aerospike Cloud API/UI and database traffic. | Configure VPC peering or private endpoint connections from your environment. Manage allow/deny lists, security groups, and firewall rules for your applications and VPCs. Manage TLS connectivity based on your organization’s security requirements. |
| Access & Identity Management | Provides and enforces RBAC in the Aerospike Cloud API/UI and Database. Requires TLS for all control plane and enables TLS access to the database by default. Manages the lifecycle of platform-managed secrets and encryption keys. | Create and manage database and control plane users, roles, and credentials. Review access and rotate credentials according to your organization’s policies. |
| Aerospike Database Management | Installs, configures, patches, and upgrades Aerospike database software and underlying OS. Applies non-breaking changes with zero downtime; breaking changes are automatically applied (with proper notification) to ensure that the database is running on a supported version. Automatic node failure management and recovery | Configure database settings to meet workload needs. Manage indexes and performance tuning. |
| Application Security | Provides secure, TLS-encrypted connections and guards against platform-level vulnerabilities. | Secure your application code and APIs, protect against injection, misuse, and data leaks. Ensure proper TLS configuration in clients. |
| Encryption | Encrypts all data in transit with TLS 1.2 (strong cipher suites) and at rest with AES-256. Manages certificate rotation and key lifecycle. Ensure client applications use TLS certificates for connectivity. | |
| Customer Data | Ensure data integrity, availability, and consistency characteristics based on requested customer configuration. | Own and manage all stored data, including retention, archival, and deletion policies. Establish and maintain BCDR procedures (e.g. backup, restore, and testing) in alignment with your application and organization’s availability and compliance requirements. Ensure secure access controls for stored data. |
| Monitoring & Alerting | Monitors infrastructure and database health. Provides metrics and logs for customer visibility. | Monitor application-level performance, cluster utilization (CPU, memory, storage), and query patterns. Scale clusters as needed to maintain performance. |
| Disaster Recovery | Supports deployment of standby clusters for DR scenarios. Ensures platform readiness for failover. | Configure and maintain standby clusters. Establish and maintain BCDR procedures (e.g. backup, restore, and testing) in alignment with your application and organization’s availability and compliance requirements. |
Aerospike responsibilities
Aerospike provisions and manages the infrastructure and platform to deliver the Aerospike Cloud service. This includes:
- Deploying and maintaining compute, storage, and networking in selected public clouds
- Applying OS patching, vulnerability remediation, and system hardening
- Installing, configuring, upgrading, and securing the Aerospike database software
- Data integrity and availability is maintained during all updates
- Managing encryption of data in transit (TLS 1.2) and at rest (AES-256)
- Maintaining high availability, failover, and zero-downtime scaling where possible
- Providing metrics and logging for visibility into database performance and health
- Meeting service-level agreements for uptime and performance
Customer responsibilities
You are responsible for configuring and operating your Aerospike Cloud environment to meet your application and business requirements. This includes:
- Selecting cloud provider, deployment region(s), and instance types
- Configuring network connectivity (VPC peering, private endpoints, allow/deny lists, security groups, firewall rules)
- Managing access control for both the control plane and Aerospike database, including users, roles, and credential rotation
- Tuning database configuration and performance settings for your workload
- Ensuring your cluster has sufficient capacity for your use case by monitoring CPU, memory, and storage utilization and scaling appropriately
- Securing your application code and APIs, including implementing protections against injection and data leaks
- Owning and managing all stored data, including retention, archival, and deletion policies
- Performing backups, testing restore procedures, and executing recovery when required
- Ensuring compliance with industry and regulatory requirements applicable to your data
- Monitoring application and database performance and responding to alerts
- Planning and executing disaster recovery, including configuring standby clusters and maintaining tested recovery processes