Arduino Cloud - Shared responsibility model
Security and Resiliency are a common goal between Arduino and the user of Arduino Cloud services. In order to ensure the highest level of confidentiality, integrity and availability, Arduino operates under a Shared Responsibility model, which identifies the distinct responsibilities of Arduino and the user, as explained in the following sections. It’s fundamental that users of Arduino Cloud services understand and perform their part in managing access, data, configuration, compliance.
Shared responsibility for Security
In the shared responsibility model for security, the service provider and the user collaborate to ensure the confidentiality and integrity of the data handled by the SaaS service. The service provider is responsible to provide a service that is secure against cyberthreat while the users play a critical role in following security best practices to preserve the confidentiality and integrity of their data. In this model:
Arduino is responsible for the security of the cloud services and the confidentiality of sensitive data. We are committed to regularly monitor and update our services, applications, and infrastructure. Our security posture is aligned with Cybersecurity industry best practices such as ISO27001. We work to ensure the best possible security posture via a number of best practices that all employee in Arduino follow some examples are:
- We limit as much as possible the level of access that Arduino employees have on customers data.
- Security and privacy training are conducted regularly to ensure the highest possible level of awareness to Arduino employees.
- Regular penetration and vulnerability security tests are performed to our infrastructure and services to assess that security practices in place are working as intended.
Users are responsible for the security of their account, personal access credentials, and for the information they decide to store in the cloud. Arduino recommends to pay particular attention to the following best practices:
- Strong authentication: taking advantage of strong authentication can significantly help to improve the security of your Arduino account. Options offered by Arduino Cloud are:
- Two-step verification: a second step to verify your identity during login adds an extra layer of protection to your account. Once enabled, you will be asked to provide your regular password and a digit code when logging in. It will be your responsibility to make sure that all relevant data to enter your account when two-step verification is enabled are properly backed up.
- Social login: managing multiple accounts with multiple passwords might become problematic, which is why you can choose to login to your Arduino account using a social login that you already own. Via social login you can authenticate to your Arduino account by using your favorite social account without sharing any sensitive login information with Arduino.
- Confidentiality: users should make sure to not incidentally disclose personal information as part of the content they upload (for example when sharing a project or a sketch). While Arduino can protect confidentiality of information that is recognized as such, it can’t protect against information accidentally disclosed by users inside user-created content.
Shared responsibility for Resiliency
In the shared responsibility model for resiliency, the service provider and the user collaborate to ensure the service's high availability and disaster recovery. The provider is responsible for the underlying infrastructure, redundancy, and data center operations, while the user plays a critical role in data management, access controls, and service configuration. By working together, both parties contribute to the overall resiliency and continuity of the SaaS service, providing a reliable and robust experience. In this model:
Arduino as provider is responsible for:
- Ensuring availability of Arduino Cloud service endpoints with required Service Level Objective (SLO) during normal operations. SLO is defined in terms of uptime percentage in a month
- Ensuring backups for user data stored in Arduino Cloud, and taking proper measures to ensure that our Recovery Time Objective (RTO) and Recovery Point Objective (RPO) goals are achieved in case of more impactful events (Disaster Recovery situations)
For information related to current Service Level, Incidents or recovery procedures in progress, users can refer to https://status.arduino.cc.
Arduino Cloud service is operated using Amazon Web Services (AWS) as infrastructure provider; from an availability standpoint, Arduino Cloud is using a single AWS Region and multiple Availability Zones (multiple datacenters) within that Region. Hence, Arduino Cloud is resilient to an event impacting one or more AWS Availability Zones (data centers) as long as at least one Availability Zone (datacenter) in the selected AWS Region is available.
In case a third-party application is involved to provide the service (such as AWS or the Authentication service provided by Okta/Auth0), it’s Arduino’s responsibility to ensure that the third party is providing adequate availability and resiliency when selecting the third party and reviewing the service characteristics.
In the event of a disaster, Arduino will make any commercially reasonable effort to restore the service according to the SLO, RPO, RTO goals, and to involve third parties as needed in case of problems in underlying services.
When it comes to User responsibilities, it is important to clarify that, in terms of resiliency, Arduino’s responsibility is directed toward availability and resiliency of the Arduino Cloud service itself. The purpose for Arduino to execute backups is exclusively to ensure resiliency of the service with its current user data. Arduino is not responsible for data intentionally or unintentionally deleted by users by requesting a delete operation (for example, deleting a Sketch or a Thing or any other configuration or user data). Arduino will not provide access to previous backups in order to allow the user to restore data that have been intentionally or unintentionally deleted. Arduino will not provide a service to restore the configuration or data content of the system at a past point in time.
Certain parts of Arduino Cloud, and in particular IoT services, are offering data retention for historical data. For example data collected by IoT devices are preserved for 1 day, 30 days, or a few years, according to the specific plan selected by the user (data retention specifications available at https://cloud.arduino.cc/plans); data retention only refers to data collected from IoT devices, which are preserved at least for the amount of time indicated in the plan specification (or longer if needed for technical reasons). Arduino Cloud will preserve the current Thing configuration or Sketch content. Past versions of the same, intentionally deleted by users, will not be preserved.
As a consequence, if the user has a need of preserving data for backup purposes, it is a Customer responsibility to create an external historical data backup. Configuration data or Sketches can be extracted by the Customer either via the User Interface or using APIs exposed by Arduino Cloud; the Customer can then save extracted data in external data storage systems to keep a permanent copy of the data in Arduino Cloud.