Shared Responsibility Model
As the world’s digital infrastructure company, Equinix connects places, partners and possibilities.
We interconnect industry-leading organizations across a digital-first world. Business leaders harness our trusted global platform to bring together and interconnect the foundational infrastructure that powers their success – sustainably and securely.
With Equinix’s network of 240+ International Business Exchange™ (IBX®) data centers located in 71 major metros around the world we offer the world’s most expansive, secure and sustainable data center platform. You can safeguard your data with the highest levels of security and operational reliability with an award-winning portfolio backed by over 20 years of industry-leading expertise.
You can consume network infrastructure on demand, globally and instantly with Equinix, enabling you to deploy digital infrastructure securely and rapidly with virtual network services, Timing-as-a-Service and automated bare metal powered by software-defined interconnection.
As this digital infrastructure is housed in our IBXs, utilizing colocation with Equinix provides the most secure, connected and consistent operating standards and is your secure access point into the world’s most diverse and dynamic ecosystem of leading services, networks, providers and partners.
Security is critically important in today’s world, and it matters to us. Whether you are starting on your digital infrastructure journey or an expert, it’s important to know and understand the security obligations handled by Equinix and which security obligations rest with you.
This is where the Equinix shared responsibility model diagram below illustrates the division of responsibility between you and Equinix for various Equinix services. Equinix’s shared responsibility model aims to provide clarity to customers and partners as they leverage Equinix’s services to design and implement mission critical, secure and reliable IT architecture.
When leveraging Equinix’s colocation services, the customer is responsible for the majority of the IT stack. As customers leverage or include additional Equinix services, more responsibilities transfer to Equinix. This shared responsibility model relieves the customer of the operational burden of many aspects of the IT environment, as Equinix operates, manages, and controls several key layers of the infrastructure stack, while the customer manages and controls other layers of the environment. While Equinix is responsible for the security of the components that it offers and the data that Equinix stores, customers are responsible for the usage of these components, the data that traverses or resides in these components, and for removal of their data. Customers should be aware of any compliance requirements, applicable laws or regulations that affect their deployment and ensure that they appropriately leverage security mechanisms such as firewalls, intrusion detection/prevention, and encryption, and key management to meet those requirements.
For more details about how to power your digital transformation with Equinix, please visit our Products and Services page here.
For those customers that purchase Equinix Metal, Equinix’s bare metal service, it is important to understand that while Equinix provides the physical host (as outlined in the shared responsibility model diagram above), Equinix does not access any data which is processed, stored, or transmitted through Equinix Metal.
Customers are responsible for removing all data from Equinix Metal servers before the associated contract expires. If a Metal customer fails to do so, Equinix will deprovision the Equinix Metal servers, by deleting the server instance which will result in the removal of all data stored thereon (“Deprovisioning”).
Accordingly, if a customer places data on an Equinix Metal server that may be regulated in certain countries by data privacy laws (for example, personally identifiable information, or personal data) and relies upon Equinix’s Deprovisioning to delete that data, then customer can enter into Equinix’s data processing agreement (“DPA”) for the limited processing that may be involved with Deprovisioning, which such DPA is available at https://docs.equinix.com/en-us/Content/shared-responsibilities/dpa.html .