Shared responsibilities

Responsibility for security in BigAnimal is shared between you and EDB. EDB provides a secure platform that enables you to create and maintain secure database clusters deployed on BigAnimal. You have several responsibilities around the security of your clusters and the data they contain.

The following responsibility model describes the distribution of specific responsibilities between you and EDB.

High availability

  • EDB is responsible for deploying clusters with one primary and one or two standby replicas. In cloud regions with availability zones, clusters are deployed across multiple availability zones.
  • You are responsible for choosing whether to enable high availability.
  • You are responsible for ensuring your applications reconnect when network connectivity is interrupted.

Database performance

  • EDB is responsible for deploying clusters with the infrastructure you choose, and managing and monitoring these infrastructure resources.
  • You are responsible for data modeling, query design, and scaling the cluster to meet your performance needs.

Deploying and scaling

  • EDB is responsible for deploying, managing, and monitoring the underlying infrastructure supporting your clusters.
  • You are responsible for choosing the appropriate configuration for your workload, including instance type, storage, and configuration.
  • You are responsible for managing your cloud resource limits to ensure the underlying infrastructure can be provisioned.

Backups and restores

  • EDB is responsible for taking backups, archiving transaction logs, and storing them in object storage instances.
  • You are responsible for the charges associated with the cloud object storage solution.
  • You are responsible for periodically restoring backups and verifying the restores to ensure that archives can meet your recovery time and recovery point objectives.

Encryption

  • EDB is responsible for data encryption at rest for both backups and live data.
  • EDB is responsible for data encryption in transit for both intra-cluster traffic and traffic between clusters and backup storage.
  • You are responsible for data encryption in transit between your applications and your cluster: BigAnimal clusters support, but do not require, verify-full TLS connections.
  • You are responsible for application-level encryption to protect particularly sensitive data from unauthorized access by your authorized users and applications.
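
Because clusters accept connections that are weaker than verify-full, the setting has to be enforced on the client side. The following check is an added example, not part of EDB's documentation or tooling: it audits libpq-style connection strings and reports any whose effective sslmode is weaker than verify-full. The host names are constructed placeholders, and the function names are hypothetical.

```python
import shlex
from urllib.parse import urlsplit, parse_qs

# libpq falls back to "prefer" when sslmode is not set anywhere.
LIBPQ_DEFAULT_SSLMODE = "prefer"


def parse_conninfo(conninfo):
    """Return parameters from a libpq URI or a keyword/value connection string."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        parts = urlsplit(conninfo)
        params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
        if parts.hostname:
            params.setdefault("host", parts.hostname)
        return params
    # Keyword/value form, e.g. host=... sslmode='verify-full' (quotes are stripped).
    return dict(tok.split("=", 1) for tok in shlex.split(conninfo) if "=" in tok)


def audit_tls(conninfo, env=None):
    """Return findings for one connection string; an empty list means verify-full."""
    env = env or {}
    params = parse_conninfo(conninfo)
    # A value in the connection string takes precedence over PGSSLMODE.
    mode = params.get("sslmode") or env.get("PGSSLMODE") or LIBPQ_DEFAULT_SSLMODE
    if mode == "verify-full":
        return []
    if mode in ("disable", "allow", "prefer"):
        return [f"sslmode={mode}: connection may be unencrypted"]
    if mode == "require":
        return ["sslmode=require: encrypted, but the server's identity is not checked"]
    if mode == "verify-ca":
        return ["sslmode=verify-ca: CA is checked, but the host name is not"]
    return [f"sslmode={mode}: unknown value"]


# Constructed sample connection strings (placeholder hosts, not real clusters).
SAMPLES = [
    "postgresql://app@db.example.invalid:5432/appdb?sslmode=verify-full",
    "postgresql://app@db.example.invalid:5432/appdb?sslmode=require",
    "host=db.example.invalid dbname=appdb user=app",
]

if __name__ == "__main__":
    for dsn in SAMPLES:
        print(dsn, "->", audit_tls(dsn) or "ok")
```

A check like this can run in CI over application configuration so that a connection string without verify-full fails the build.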

Credential management

  • EDB is responsible for securely managing your edb_admin credential. The edb_admin credential is never stored in plaintext.
  • You are responsible for managing and securing your cluster users and their passwords.