Shared Responsibility Model

AngelTrack is a SaaS product that uses a Shared Responsibility Model, in which the responsibilities for IT reliability and security are shared between AngelTrack, its datacenter (Rackspace), and the Customer.

This document summarizes the many details given in the AngelTrack Security Guide, so that all parties can know their responsibilities.

Responsibilities of AngelTrack LLC

Backups per our published backup schedule (in the aforementioned security guide)

Backup offsiting

All servers and firewalls deployed in high-availability (HA) configurations

Prompt patching of all servers, application stacks, and firewalls

Live monitoring and alerting of application health

Live monitoring and alerting of aggregate (cluster-level) attacks such as denial of service, password cracking, and exfiltration

Outbound whitelist on firewalls

Virus-scan of servers

Virus-scan of files uploaded by users (excluding simple images)

Server-side ransomware detection and recovery

User password security features

Monitoring of CVEs affecting AngelTrack's tech stack

Permanent deletion of data at the end of its defined lifetime

Responsibilities of Rackspace Corporation

Physical access control of server and networking hardware

Networking redundancy and health monitoring

Server health monitoring, alerting, and prompt intervention

Power resilience and redundancy

DDoS defense

Responsibilities of the Customer

Outbound whitelist on customer firewalls

Endpoint security including anti-virus, whole-disk encryption, and the restriction of Administrator-level accounts

Prompt patching of all operating systems and installed applications

Power resilience, i.e. UPS devices, plus a standby generator for the dispatch office

Network redundancy, i.e. a secondary internet connection, even if it is only mobile tethering

Lockdown of all computers and mobile devices

Remote wipe of lost mobile devices

Physical security of company premises, especially the dispatch and billing offices

Paper document destruction

Endpoint ransomware protection, e.g. OneDrive

2FA on all SaaS accounts, especially Microsoft 365 (including OneDrive), and on any high-access accounts in AngelTrack

Proactive management of employees' AngelTrack accounts, with the goal of minimum necessary access

Employee training for internet security and hygiene

Review and deployment of AngelTrack's advanced security features, including 2FA, Fort Knox mode, IP whitelist, and provisional access

HIPAA compliance

Employee training for HIPAA compliance

PCI compliance (if you process credit card payments over the telephone)

Employee training for PCI compliance (if applicable)

Export and archival of data before its defined lifetime is reached

Monitoring of exfiltration alerts sent by AngelTrack

Forensics of any exfiltration that targets a single AngelTrack customer, e.g. by a rogue employee