Shared Responsibility Model

As the world’s digital infrastructure company, Equinix connects places, partners and possibilities.

We interconnect industry-leading organizations across a digital-first world. Business leaders harness our trusted global platform to bring together and interconnect the foundational infrastructure that powers their success – sustainably and securely.

With Equinix’s network of 240+ International Business Exchange™ (IBX®) data centers located in 71 major metros around the world we offer the world’s most expansive, secure and sustainable data center platform. You can safeguard your data with the highest levels of security and operational reliability with an award-winning portfolio backed by over 20 years of industry-leading expertise.

You can consume network infrastructure on demand, globally and instantly with Equinix, enabling you to deploy digital infrastructure securely and rapidly with virtual network services, Timing-as-a-Service and automated bare metal powered by software-defined interconnection.

As this digital infrastructure is housed in our IBXs, utilizing colocation with Equinix provides the most secure, connected and consistent operating standards and is your secure access point into the world’s most diverse and dynamic ecosystem of leading services, networks, providers and partners.

Security is critically important in today’s world, and it matters to us. Whether you are starting on your digital infrastructure journey or an expert, it’s important to know and understand the security obligations handled by Equinix and which security obligations rest with you.

This is where the Equinix shared responsibility model diagram below illustrates the division of responsibility between you and Equinix for various Equinix services. Equinix’s shared responsibility model aims to provide clarity to customers and partners as they leverage Equinix’s services to design and implement mission critical, secure and reliable IT architecture.

When leveraging Equinix’s colocation services, the customer is responsible for the majority of the IT stack. As customers leverage or include additional Equinix services, more responsibilities transfer to Equinix. This shared responsibility model relieves the customer of the operational burden of many aspects of the IT environment, as Equinix operates, manages, and controls several key layers of the infrastructure stack, while the customer manages and controls other layers of the environment. While Equinix is responsible for the security of the components that it offers and the data that Equinix stores, customers are responsible for the usage of these components, the data that traverses or resides in these components, and for removal of their data. Customers should be aware of any compliance requirements, applicable laws or regulations that affect their deployment and ensure that they appropriately leverage security mechanisms such as firewalls, intrusion detection/prevention, and encryption, and key management to meet those requirements.

For more details about how to power your digital transformation with Equinix, please visit our Products and Services page here.

Equinix Metal

For those customers that purchase Equinix Metal, Equinix’s bare metal service, it is important to understand that while Equinix provides the physical host (as outlined in the shared responsibility model diagram above), Equinix does not access any data which is processed, stored, or transmitted through Equinix Metal.

Customers are responsible for removing all data from Equinix Metal servers before the associated contract expires. If a Metal customer fails to do so, Equinix will deprovision the Equinix Metal servers, by deleting the server instance which will result in the removal of all data stored thereon (“Deprovisioning”).

Accordingly, if a customer places data on an Equinix Metal server that may be regulated in certain countries by data privacy laws (for example, personally identifiable information, or personal data) and relies upon Equinix’s Deprovisioning to delete that data, then customer can enter into Equinix’s data processing agreement (“DPA”) for the limited processing that may be involved with Deprovisioning, which such DPA is available at https://docs.equinix.com/en-us/Content/shared-responsibilities/dpa.html .

Equinix Managed Solutions

In the shared responsibility model diagram above, Equinix is responsible for the security of the software, hardware and the physical facilities that host the services, and for the security configuration of its Managed Solutions such as Managed Private Cloud, Managed Private Backup, Managed Private Firewall and Managed Private Storage. The Customer’s responsibility is to implement best practices for operating in the cloud.

Managed Private Cloud and Managed Private Storage are classified as Infrastructure as a Service and as per the shared responsibility model diagram above, Equinix will take care of the platform security up to and including the virtualization layer, whereas the security of the layers on top of the virtualization layer is the responsibility of the Customer.

Managed Private Backup and Managed Private Firewall are classified as enhanced Platform as a Service, as per the shared responsibility model diagram above, where Equinix takes care of the security up to and including the application providing respectively the backup, restore and firewall functionality.

For specific types of Managed Solutions, Equinix assumes the role of a Data Processor in accordance with applicable data protection laws for the purpose of Backup, support, planning, and enabling migration, deployment, and development of Services; Encryption (enabled by default for data at rest in MPC Storage), Infrastructure management (preventing, detecting, investigating, mitigating, and repairing problems, including security incidents and problems identified in the Services; and

Efficacy, quality, and security of our Services, including keeping Services up to date, and enhancing reliability, efficacy, quality, and security and fixing defects, enhancing delivery. For further details on Equinix’s role and responsibilities as a Data Processor, please consult the DPA which is made available at https://docs.equinix.com/en-us/Content/shared-responsibilities/dpa-mgdsolns.htm

For further information on how to maximise the potential of our Managed Solutions please visit the product page.