eWay Corp operates under a shared responsibility model, where responsibilities are distributed across:
- Cloud provider (AWS / Azure)
- eWay Corp (infrastructure and platform operations)
- Client (application, content, and business logic)
This model ensures clear accountability, secure operations, and scalable performance.
Responsibility Overview
| Layer | Responsibility | Owner |
|---|---|---|
| Physical Data Centers | Facilities, hardware, physical security | AWS / Azure |
| Core Cloud Services | Compute, storage, networking infrastructure | AWS / Azure |
| Network Configuration | VPC/VNet, subnets, routing, security groups | eWay Corp |
| Platform & OS Management | OS patching, base configurations, runtime environments | eWay Corp |
| Monitoring & Logging | Infrastructure and platform-level monitoring | eWay Corp |
| Backup & Recovery (Infrastructure) | Snapshots, backups, DR configuration | eWay Corp |
| Application Code | CMS, custom code, integrations | Client / Partner |
| Content Management | Website content, assets, publishing workflows | Client |
| User Access (Application Level) | CMS users, roles, permissions | Client |
| Data Governance & Compliance | Regulatory requirements, data classification | Client |
Cloud Provider Responsibilities (AWS / Azure)
Cloud providers are responsible for the security of the cloud, including:
- Physical data center security
- Hardware and infrastructure lifecycle
- Core networking and virtualization layers
- Availability of foundational services
eWay builds on top of this foundation.
eWay Corp Responsibilities
Infrastructure & Platform Operations
eWay is responsible for the security and operation of the cloud environment, including:
- Network architecture (VPC/VNet design, segmentation)
- Firewall rules, security groups, and access controls
- OS and platform patching
- Secure configuration of compute, storage, and services
Monitoring & Performance
- Infrastructure monitoring (CPU, memory, disk, network)
- Application availability monitoring (where applicable)
- Alerting and operational response
Backup & Disaster Recovery
- Backup configuration and scheduling
- Snapshot management
- Disaster recovery architecture (as defined in engagement)
RTO/RPO targets are defined in service agreements.
Security Implementation
- Identity and access controls (IAM / Azure AD integration support)
- Encryption configurations (in transit and at rest)
- Logging and audit trail enablement
Support & Operations
- Incident response and troubleshooting
- Environment maintenance and updates
- Collaboration with client teams and third-party vendors
Client Responsibilities
Application & Content
Clients are responsible for:
- Application code and functionality
- CMS configuration and content
- Third-party integrations
User & Access Management
- Managing end-user accounts and permissions within applications
- Enforcing strong authentication practices (e.g., MFA where applicable)
Data Governance & Compliance
- Determining what data is collected and stored
- Ensuring compliance with applicable regulations (e.g., FERPA, GDPR)
- Defining retention and classification policies
Security Best Practices
Clients should:
- Avoid sharing permanent credentials
- Use role-based and temporary access wherever possible
- Follow secure development and deployment practices
Support & Access Model
During support and managed services:
- eWay may be granted controlled access to systems for troubleshooting
- Access is limited to authorized personnel and defined scopes
- Temporary or least-privilege access is preferred
Clients retain control over:
- Granting and revoking access
- Credential management
Key Considerations
1. Clear Boundaries Reduce Risk
Misaligned expectations often lead to:
- Security gaps
- Operational delays
- Escalation during incidents
This model ensures clarity upfront.
2. WebOps is a Partnership Model
Effective operations require coordination between:
- eWay (infrastructure and platform)
- CMS providers (e.g., Cascade)
- Client teams (content and governance)
3. Contracts Define the Details
While this page provides a general framework, specific responsibilities, SLAs, response times, and backup and DR commitments are defined in executed agreements.
Typical Example: CMS Hosting (Cascade / Drupal / WordPress)
| Area | Responsibility |
|---|---|
| AWS Infrastructure | AWS |
| Network & Security | eWay Corp |
| Server & Runtime | eWay Corp |
| CMS Application | Client / CMS Vendor |
| Content Updates | Client |
| CDN & Traffic Routing | eWay Corp (configured), Client (policies) |