Logs provide visibility into changes made within your account, including who did what and which resources were affected—essential information for maintaining traceability. However, logs can reveal sensitive system details if not handled properly. Protecting log data is a shared responsibility between your organization and Akamai.

The following sections outline the primary areas of responsibility for each party. This list is not exhaustive.

Akamai responsibilities

Akamai is responsible for:

• Enforcing authentication and authorization so that each action is attributable to a specific user.
• Ensuring that all relevant changes generate audit logs, which prevents users from obscuring malicious actions or bypassing audit visibility.
• Excluding sensitive, non-audit data from log contents.
• Protecting audit log data in transit and at rest, from creation through delivery to your configured destination.
• Providing security controls to help secure audit logs and other data stored in Object Storage.
• Managing audit log generation, transport, and storage up to the point of delivery to your destination.

Customer responsibilities

Customers are responsible for:

• Protecting user identities and credentials, for example, by avoiding password sharing and limiting privileged access to trusted administrators.
• Restricting access to audit logs at the destination and in any downstream systems where logs are replicated or processed.
• Applying recommended security controls within your environment
• Avoiding the inclusion of sensitive information in:
  • resource names, labels, and tags
  • usernames and email addresses
  • Kubernetes CRDs or other audited Kubernetes properties
• Protecting audit logs after delivery to your destination
• Ensuring destination availability for log delivery
• For Object Storage destinations, ensuring storage limits aren’t exceeded, Object Storage remains enabled, and all related bills are paid.