Portnox Cloud shared responsibility model (SRM)
This topic outlines the shared responsibility model (SRM) for Portnox Cloud SaaS tenants. It clarifies which security and operational tasks are owned by Portnox, the customer, or shared between both parties.
Scope
This information applies to all Portnox Cloud cloud tenants and associated integrations.
Definitions
P = Portnox responsibility
C = Customer responsibility
S = Shared responsibility
Compliance Notes
Portnox maintains SOC 2 Type II and ISO 27001 certifications for its cloud platform. Customers are responsible for mapping Portnox controls into their own compliance frameworks (HIPAA, PCI-DSS, etc.).
Shared responsibility table
| Area/Control domain | Portnox (P) | Customer (C) | Shared (S) | Notes |
| Cloud infrastructure (DCs, hardware, hypervisors, core network) | P | Portnox + hosting providers own physical/data center security, hypervisors, base networking, redundancy. | ||
| Portnox Cloud application code, APIs & services | P | Portnox develops, patches, and secures the NAC SaaS platform and APIs. | ||
| Service availability, scalability, and performance of Portnox Cloud | P | Portnox owns SLOs/uptime, scaling, capacity planning for the Cloud service. | ||
| Tenant provisioning & lifecycle | P | C | S | Portnox provisions the tenant; customer designates admins, validates configuration, and manages lifecycle. |
| Identity & directory services (Entra ID, Okta, Google, AD, LDAP) | C | S | Customer owns IdP design, groups, MFA, and availability; Portnox supplies connectors and auth flows. | |
| User accounts, roles & RBAC inside Portnox Cloud | P | C | S | Portnox provides RBAC features; customer manages roles and joiner/mover/leaver processes. |
| RADIUS configuration on Portnox side | P | C | S | Portnox provides RADIUS service; customer decides secrets, attributes, and device profiles. |
| Network access devices (switches, APs, WLCs, VPNs, firewalls) | C | Customer configures network gear; Portnox provides RADIUS endpoints & attributes. | ||
| Local RADIUS / on-prem connectors | P | C | S | Portnox provides software image; customer operates local VM/host and handles OS patching. |
| Endpoint agents & apps (AgentP, Linux agent, etc.) | P | C | S | Portnox provides agent updates; customer deploys via MDM and ensures compatibility. |
| Agentless onboarding flows | P | C | S | Portnox provides portals; customer controls SSIDs/VLANs, guest policies, and sponsor flows. |
| Certificates & PKI | P | C | S | Portnox offers SCEP/Cloud PKI; customer chooses PKI model and templates. |
| Access policies | C | Customer defines business logic for VLANs, risk actions, and SSO apps. | ||
| Endpoint posture & compliance | C | Customer secures endpoints and deploys controls; Portnox evaluates posture where integrated. | ||
| Data protection inside Portnox Cloud | P | Portnox encrypts and securely stores tenant data with multi-tenant isolation. | ||
| Data classification & minimization | C | Customer decides what attributes are synced and retention policies. | ||
| Logging, alerts & integrations | P | C | S | Portnox generates logs and APIs; customer configures thresholds and SOC actions. |
| Incident detection & response (Portnox platform) | P | S | Portnox leads investigation for platform-level incidents; customer cooperates. | |
| Incident detection & response (customer network/endpoints) | C | S | Customer leads endpoint/network incidents; Portnox assists with logs and policy review. | |
| Backups, DR & business continuity for Portnox Cloud | P | Portnox handles platform backups and DR strategy. | ||
| Business continuity for customer environment | C | Customer ensures resilient network, IdP, DNS, and MDM. | ||
| Regulatory compliance & audits | P | C | S | Portnox provides attestation; customer maps controls into their compliance framework. |
| User training & internal processes | C | Customer trains admins, helpdesk, and end-users on Portnox workflows. |
Closing Guidance
Customers should review this model during onboarding and periodically during audits. It helps ensure clarity on roles for security, operations, and compliance. For questions, contact Portnox Support or your Technical Account Manager.