Shared Responsibility Model

When an organization runs its own on-premise data centers, control over security is straightforward: it falls solely on the shoulders of that organization. They are solely responsible for maintaining the CIA Triad of Confidentiality, Integrity and Availability of their systems, as well as the data stored within them.

In a hybrid or cloud environment, the responsibility for maintaining the CIA Triad is shared with a cloud service provider (CSP), such as under a Shared Responsibility Model.

In simplest terms, a Shared Responsibility Model denotes that CSPs are responsible for the operation of security controls of the cloud, and customers are responsible for securing the data they put in the cloud utilizing the provided tools.

The CIA Triad protection only works when the security controls are tailored to fit the individual needs of an organization. Responsibility is responsible for protecting the underlying infrastructure (hardware, software, networking and facilities) upon which the platform operates. is also responsible for the availability and functionality of the world class security controls customers may choose to utilize.

Customer Responsibility

Customers are responsible for utilizing the provided security controls to configure their account to meet the unique requirements of their organization.

Customer responsibilities include:

  • File contents stored on the platform
  • Initiating file transfers in/out of using the appropriate encryption options
  • User account provisioning
  • User account deprovisioning
  • SSO/LDAP Integration settings
  • Permissions
  • File storage locations
  • File expiration/deletion/retention settings
  • SSL Settings
  • IP Whitelisting/country restrictions
  • Encryption options
  • User awareness and training
  • Automations configuration
  • Remote Server Sync settings
  • Remote Server Mount settings
  • Public Hosting configuration
  • Share Links settings
  • Inboxes settings
  • Virus Scanning
  • Data Classification
  • Data Governance
  • Content/DLP scanning
  • Session timeout settings
  • End user logging Security Controls

The following are a select list of the security controls that provides for customers to meet their unique security needs:

  • File expiration
  • File hash value via API
  • Deleted file retention
  • Storage region selections
  • Multiple storage regions on certain plans
  • Custom SSL Certificates
  • Session IP Pinning
  • Session expiration
  • Brute force protection options
  • Multiple 2FA methods
  • 2FA required
  • Globally unique usernames
  • Password Controls, including Length, Complexity, History, Expiration
  • Prevent use of breachable passwords
  • Permissions: User, Group, Folder
  • IP Whitelist
  • Allowed/disallowed countries
  • Multiple SSO/LDAP Integration options
  • PGP/GPG encryption (on certain plans)
  • Folder admins
  • Storage region by folder
  • Rest API
  • Account Provisioning, including SSO/LDAP integration options
  • Account Deprovisioning, including options for automatic lockout and deletion of inactive users
  • Customer History search/export options

Please reference the Documentation for more detailed information

Get Instant Access to

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2024 All right reserved


  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact


(800) 286-8372


9am–8pm Eastern