
Shared security responsibility model

Security on Foundry is a shared responsibility between Palantir and Palantir’s customers. While Palantir is responsible for Foundry’s security at each level of the service in our control, customers also play a vital role in ensuring their data is protected.

The shared responsibility model is a framework that has been adopted by many major cloud-based software companies to delineate security responsibility between the customer and the cloud provider. As the cloud provider, Palantir is responsible for security of the cloud, while customers are responsible for security in the cloud.

In practice, this means that Palantir and underlying Infrastructure as a Service (IaaS) providers are responsible for securing Foundry by managing physical security, host infrastructure, networking controls, and application security. Meanwhile, customers remain responsible for what they choose to host in Foundry: specifically, customer data and user identity/access configuration. The shared responsibility model gives customers control over their data, how they use it, and who can access it, and relieves them of worry about the security of the underlying infrastructure.

The shared responsibility model can be broken down into the responsibilities of two parties:

Palantir:
Foundry Services
Encryption in transit and at rest
Network Traffic Protections
Operating System, Network, and Firewall Configurations
Infrastructure-level Monitoring and Alerting
Continuous Delivery, Automated Upgrades, and Patching
Foundation Services:
→ Compute
→ Storage
→ Database
→ Networking
Global Infrastructure:
→ Regions
→ Availability Zones

Customer:
Customer Data
Customer-built Applications
Identity and Access Management (IAM)
Resource Permissions (RBAC)
Application-level Monitoring and Alerting

As a customer, some of your responsibilities for protecting your data may vary by environment and architecture, but you are always responsible for the following:

Contact your Palantir representative if you have any questions or concerns regarding the shared responsibility model.

