Shared responsibility model

Security and compliance in a multi-tenant SaaS environment require a clear understanding of how responsibilities are divided between Coherent and its customers. The shared responsibility model defines security and operational roles to ensure an efficient and secure Identity and Access Management (IAM) ecosystem. Coherent provides a secure platform; customers are responsible for configuring and managing security within their own environments.

For the Spark application, "customer environment" refers to the tenant(s) provisioned for your usage.

| Responsibility area | Coherent | Customer |
| --- | --- | --- |
| Infrastructure and cloud security | ✅ Responsible | |
| Platform encryption | ✅ Responsible | |
| Privileged Access Management (PAM) | ✅ Responsible for platform | ✅ Responsible for tenant |
| Logging and monitoring | ✅ Responsible for platform logging and monitoring | ✅ Responsible for tenant monitoring and log review |
| Incident response | ✅ Responsible for platform-level incidents | ✅ Responsible for customer tenant incidents |
| Compliance | ✅ Responsible for platform-level compliance | ✅ Responsible for customer-specific compliance |

Security and access controls

Coherent responsibilities:

  • Secure hosting and platform availability.

  • Patch management and vulnerability remediation.

  • Encryption, tenant isolation, and network security.

  • Centralized logging and monitoring.

  • Platform-level IAM governance and JIT privileged access.

Customer responsibilities:

  • Authentication and MFA configuration.

  • User and role management.

  • Identity federation and integration security.

  • Tenant monitoring and compliance obligations.

Incident response and compliance

Coherent responsibilities (platform level):

  • Investigates and responds to platform security incidents.

  • Manages incidents involving privileged platform access.

  • Remediates vulnerabilities affecting the SaaS infrastructure.

  • Maintains compliance controls applicable to the platform.

Customer responsibilities (customer environment):

  • Respond to user access misuse or configuration-related incidents.

  • Review and manage privileged access within their tenant.

  • Ensure tenant configurations meet their legal, regulatory, and organizational requirements.

  • Maintain compliance obligations specific to their industry and jurisdiction.
