Shared Responsibility Model
Introduction
Security and privacy at PubNub are shared responsibilities between PubNub and our customers. Both parties play essential roles in maintaining a secure, compliant environment for real-time data processing and communications. This model outlines how responsibilities are divided to ensure data protection, compliance, and operational reliability. Understanding these shared roles helps reduce risk and ensures both parties fulfill their security and compliance obligations effectively.
PubNub Responsibilities
PubNub operates as a Software-as-a-Service (SaaS) provider, maintaining the integrity, confidentiality, and availability of the platform and its supporting infrastructure. We are responsible for designing, securing, and managing the systems that deliver the PubNub service. This includes implementing and maintaining controls aligned with internationally recognized standards such as ISO 27001 and SOC 2 Type II.
PubNub manages encryption for data in transit and at rest, network security, vulnerability management, and secure software development practices. We conduct regular penetration testing and security audits, enforce strong authentication for internal systems, and maintain robust physical and logical controls through vetted cloud service providers. PubNub’s compliance program is independently reviewed and audited to ensure ongoing adherence to data protection regulations and best practices.
PubNub also performs continuous monitoring to detect and respond to potential threats. Our internal Security Incident Response Team (SIRT) is responsible for investigating incidents and coordinating remediation efforts. We maintain business continuity and disaster recovery procedures that are regularly tested to ensure operational resilience.
Customer Responsibilities
Customers are responsible for configuring, securing, and managing their use of the PubNub platform. This includes controlling access to their PubNub accounts, safeguarding authentication keys, and enforcing proper user and role management within their applications. Customers are also responsible for ensuring that the data they send through the PubNub network complies with applicable privacy laws and regulations, such as GDPR, CCPA, and COPPA.
Customers should encrypt sensitive data before transmission and ensure proper classification and retention within their systems. They must monitor their applications for unauthorized use, validate integrations, and ensure that any custom code or third-party components used in conjunction with PubNub are maintained and secured.
Because customers act as the data controllers for information processed through their applications, they are accountable for obtaining appropriate user consents, maintaining transparency with end users, and upholding applicable data protection principles.
Shared Responsibilities
Certain security and compliance areas require collaboration between PubNub and the customer. For example, encryption in transit involves both PubNub and the customer maintaining secure protocols. Security monitoring, logging, and privacy compliance also rely on shared participation: PubNub provides secure tools and configurations, while customers review, monitor, and respond to activities within their environments.
Disaster recovery and business continuity are shared efforts. PubNub ensures the platform remains available and resilient, while customers must ensure they have recovery plans for their own dependent systems and data. Similarly, compliance reporting is a shared process in which PubNub provides independently audited certifications, while customers manage their own compliance documentation and risk assessments.
Summary
PubNub is responsible for securing the underlying platform, infrastructure, and core services, while customers are responsible for securing their applications, configurations, and data usage on the platform. By working together within this shared responsibility model, PubNub and its customers help maintain a secure, compliant, and trustworthy environment for real-time digital experiences.
For additional information on PubNub’s security and compliance program, contact support@pubnub.com.