Customer Security Responsibilities

Security is a shared responsibility between Megaport and Customers. Customers should note that, while the Services are inherently isolated, they are deployed over shared network infrastructure.

Customers are recommended to evaluate and employ additional controls appropriate to the design and use of Services including but not limited to:

  • Data Center - Evaluate the data center operators (DCO) where equipment is located in order to ensure the DCO meets Customer security and compliance obligations.

  • Service Implementation - Port / Service diversity, resiliency, configuration and logging, use of API and terraform.

  • Internet Exchange - Use of assigned IX IP addressing and prevent illegal traffic types.

    • Compliant Prefix Advertisement - Preventing RFC-1918 compliant address space (i.e. Private Address space) prefix advertisement to external peers.

    • BGP Configuration - Ensuring prefixes are accurate, registered, owned by the customer (or an authorized downstream network), have signed Route Origin Authorisation objects registered with the appropriate RIR, and restricted to those intended.

  • Data Transmission - Connection to trusted destinations and content of data transmitted.

    • Protocols and addressing - Method by which data is transmitted
    • Encryption - Transport and/or Application-layer
    • Traffic filtering - Technology employed to explicitly permit or deny source, destination, protocol, or payload.
  • SD-WAN Service - Configuration and security; image administration and security.

  • Portal Identity and Access Management - User, role, and permission assignment.

    • Identity-Provider (IdP) security
    • User token, password, and/or key secrecy
    • User multi-factor authentication configuration.

Megaport and Customer Shared Security Responsibilities Model