Audit logs allow you to see exactly what changes were made in your account, by whom, and which resources were affected—an essential capability for maintaining traceability. At the same time, audit logs can reveal sensitive system details if mishandled. Protecting this information is a shared responsibility between customers and Akamai.

The following sections highlight the primary areas of ownership for each party. This list is not exhaustive.

Akamai responsibilities

Akamai is responsible for:

• Enforcing authentication and authorization so that every action is tied to a specific user.
• Ensuring all changes generate audit logs, preventing users from obscuring malicious actions or bypassing audit visibility.
• Excluding sensitive, non-audit information from log contents.
• Protecting audit log data in transit and at rest, from the moment logs are created through delivery to your Object Storage destination.
• Providing security controls that help you to secure audit logs and other data stored in Object Storage.
• Managing all aspects of audit log generation, transport, and storage, up to the point of delivery into your Object Storage bucket.

Customer responsibilities

Customers are responsible for:

• Protecting user identities and credentials, by avoiding password sharing and limiting full account access privileges to trusted administrators.
• Restricting access to audit logs within your Object Storage bucket and in any downstream systems where logs are replicated or processed.
• Applying recommended security controls to your Object Storage environment, including regular access key rotation for all keys.
• Avoiding the use of sensitive information in:
  • resource names, labels, and tags
  • usernames and email addresses
  • Kubernetes CRDs or other audited Kubernetes properties
• Protecting audit logs after delivery to your Object Storage bucket.
• Ensuring Object Storage capacity and continuity by ensuring storage limits aren’t exceeded, Object Storage remains enabled, and all related bills are paid.