The Arc XP Shared Responsibility Model

As an Arc XP customer, you build and configure digital experiences on the platform. We partner with you, sharing responsibility for your site's security, stability, and performance, as well as for your end users and sensitive data.

The easiest way to think of this model is that you are responsible for the security and operation of your site, while we are responsible for the security and reliability of the platform.

Arc XP Responsibilities

Arc XP is responsible for the following:

  • Security of Arc XP platform code, configuration, and deployment.

  • Physical security of the infrastructure, including data centers and network infrastructure.

  • Host operating system security and patch management.

  • Management of network infrastructure and firewall configuration.

  • Application data backup and disaster recovery.

  • Compliance with relevant regulations and standards applicable to Arc XP.

Customer Responsibilities

As an Arc XP customer, you are responsible for the following:

  • Securing your application code and configuration by following industry best practices and Arc XP recommendations.

  • Enforcing strong passwords, multi-factor authentication, and access policies within identity providers to secure Arc XP accounts and administrative controls.

  • Ensuring proper configuration of Arc XP's Identity features for secure end-user access to authenticated content.

  • Using and protecting Arc XP platform tokens responsibly, implementing loss prevention measures, and rotating tokens to minimize security risks.

  • Ensuring the accuracy and appropriateness of content displayed on the site and verifying that third-party integrations function correctly within the Arc XP platform.

  • Managing and responding to security threats specific to your site (for example, credit card fraud or credential stuffing attacks) and implementing countermeasures to prevent such incidents.

  • Ensuring compliance with all applicable regulations, standards, and legal requirements for data privacy, security, and accessibility.

  • Using Arc XP in accordance with the product documentation and industry best practices.

Working Together

A clear shared responsibility model ensures alignment between Arc XP and our customers in securing and maintaining high-performing sites. Understanding these responsibilities enables you to take appropriate measures to protect your website and data.

Tip

If you require assistance in areas that fall under your responsibility, Arc XP offers paid support engagements to help address your needs.

Customer Proxies and Wrappers

Do not proxy Arc XP API calls from the front end through your own services. In doing so, you lose many of the detection and response capabilities that the Arc XP platform offers. Because a proxy makes your end-user traffic appear to come from the IP ranges of your data center, the Arc XP team cannot as easily detect an attack, isolate malicious requests from non-malicious ones, or fingerprint and block malicious traffic.

If you decide to proxy traffic to Arc XP in this way, you are responsible for security monitoring and response. Instead, use Arc XP developer APIs and IFX features to meet your business objectives.

The following actions should not impact Arc XP security services:

  • Wrapper functions that live on the client side, which you write for your convenience and which do not obscure the original caller.

  • Wrapper functions in your server-side code that fetch Arc XP data, which you have written for your convenience.

The following actions can impact Arc XP security services:

  • Establishing a new service tier on your server side, which is the point of entry for client-side code, thus obscuring the original caller.

  • Building out your service tier to handle front-end requests intended for Arc XP.
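
The effect of obscuring the original caller, shown as an added example that is not Arc XP code: a simple per-source failed-login detector is run over the same constructed traffic, once as the platform would see it directly and once as it would arrive through a customer proxy. The threshold, the addresses and all function names are assumptions made for illustration.

```python
from collections import Counter

THRESHOLD = 5  # assumed: failed logins from one source before it is flagged

# Constructed sample traffic: (client_ip, login_succeeded).
# 203.0.113.7 is a credential-stuffing source; the rest are ordinary readers.
REQUESTS = (
    [("203.0.113.7", False)] * 40
    + [("198.51.100.10", True), ("198.51.100.11", False), ("198.51.100.12", True)]
    + [("198.51.100.13", True), ("198.51.100.14", True)]
)
PROXY_IP = "192.0.2.200"  # hypothetical address of a customer-run proxy tier


def as_seen_by_platform(requests, via_proxy):
    """Return (source_ip, ok) pairs as the upstream platform would observe them."""
    if via_proxy:
        # The proxy opens its own connections, so every request carries its address.
        return [(PROXY_IP, ok) for _, ok in requests]
    return list(requests)


def flag_sources(observed, threshold=THRESHOLD):
    """Flag any source address with at least `threshold` failed logins."""
    failures = Counter(ip for ip, ok in observed if not ok)
    return {ip for ip, count in failures.items() if count >= threshold}


def legit_blocked(observed, flagged):
    """Count successful logins that would be dropped if `flagged` were blocked."""
    return sum(1 for ip, ok in observed if ok and ip in flagged)


def compare(requests):
    """Run the same detector over the direct and the proxied view of the traffic."""
    result = {}
    for label, via_proxy in (("direct", False), ("proxied", True)):
        observed = as_seen_by_platform(requests, via_proxy)
        flagged = flag_sources(observed)
        result[label] = {"flagged": flagged,
                         "legit_blocked": legit_blocked(observed, flagged)}
    return result


if __name__ == "__main__":
    for label, r in compare(REQUESTS).items():
        print(label, sorted(r["flagged"]), "legitimate logins blocked:", r["legit_blocked"])
```

In the direct view only the abusive address is flagged; in the proxied view the only thing that can be flagged is the proxy itself, so a block at that level also drops every legitimate reader behind it.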