Astra shared responsibility model
Astra is a secure, fully-managed, database-as-a-service offering. By definition, this means that DataStax (an IBM company) is responsible for managing the underlying infrastructure, software, and services that support Astra databases, while the customer is responsible for managing their data, applications, and any resources that are external to the service.
Scope of managed service software and infrastructure responsibilities
As a managed service offering, DataStax is responsible for the secure configuration, development, and management of the service’s software and its supporting infrastructure. This can include network security controls, configuration settings, change management practices, access controls for system components, software design and development practices, and managed service cybersecurity practices.
With respect to the physical infrastructure, DataStax is responsible for physical infrastructure management within the scope of its role as a managed service provider. Where management and oversight of the physical infrastructure extends beyond the scope of DataStax, the responsibility falls to the cloud provider.
Scope of Astra customer responsibility
- Data written to the service
You choose what to store in your databases.
By default, data at rest within the service is protected by encrypted volumes with DataStax-managed S3 encryption. Optionally, you can use customer-managed encryption keys (CMEK) instead of the default encryption. If you choose to use CMEK, DataStax operates under a key custodian policy for key management in the service’s infrastructure. You are responsible for all other aspects of encryption key management, such as secure credential management practices, key rotation and revocation, and access controls for cloud provider accounts and resources.
Astra endpoints are secured using mutual authentication, either with mutual-TLS or secure tokens issued to the client. Optionally for Astra DB Serverless database connections, you can use private endpoints with or without custom domains.
The responsibility of DataStax begins at the developer’s interface with the service. You are responsible for securing data before it passes into the service, such as with client-side encryption and secure application development practices.
With respect to deletions, DataStax adheres to data retention policies as specified in contracts and Astra DB Serverless agreements. You are responsible for deleting data and databases according to your application requirements and organizational policies.
- Application development and integrations with the service
Astra has no control over your own code, your use of third-party integrations that you configure, or the behavior of any third-party services that you authorize to access the service. It is your responsibility to ensure that you use properly scoped application tokens, client-side encryption, and other secure development practices for your applications and integrations.
For embedding provider integrations, your data is passed to your configured embedding provider through their API. When Hybrid Search (reranking) is enabled, query data is processed by a third-party model hosted in the United States. This may result in the transfer of content, including personal data, outside the region where your data is stored. Clients with data residency requirements restricting cross-border transfers should not use this feature. Refer to the Data Processing Addendum (DPA) for additional details on processing locations and subprocessors.
- Resources that are external to the service
Astra cannot manage or modify these resources on your behalf. Examples include private endpoints and customer-managed encryption keys in your cloud provider accounts.
- Access and identity management in conjunction with Astra security features
Astra cannot validate the legitimacy of an access request beyond password and token authentication, and Astra doesn’t store sensitive authentication data after authorization. You must ensure that only authorized users and applications are granted access to the service. For example, manage application tokens responsibly and conduct regular access control audits.
You can choose to enable optional security features, such as SSO and IP access lists. Astra doesn’t enable these features by default. If you choose to enable them, you are responsible for configuring and maintaining them for proper access control. For example, the SSO feature is an integration with a customer-managed IdP; Astra cannot modify your IdP or your SSO application beyond using the connection to authenticate user access requests for the service.
For more information about access control in Astra, see Roles and permissions reference.
- Disaster recovery and business continuity planning in conjunction with Astra features
Astra provides features such as automated backups and point-in-time restoration to help you recover from data loss or corruption. However, you are responsible for implementing a comprehensive disaster recovery and business continuity plan that incorporates these features and addresses other potential risks and scenarios specific to your business needs. For example, you should regularly test your disaster recovery plan to ensure that it works effectively with the service’s features and meets your recovery time objectives (RTOs) and recovery point objectives (RPOs).
In the event of a disaster, DataStax is responsible for ensuring that other regions aren’t impacted by the disaster, verifying service availability, and restoring any impacted regions to full operational status as quickly as possible.
If a disaster impacts the availability of a cloud provider’s physical infrastructure and datacenters, disaster recovery operations extend to the cloud provider and restoration of service is contingent on the cloud provider.
Astra shared responsibilities in operational areas
The following table summarizes the shared responsibilities between a customer and DataStax (IBM) across key operational areas for Astra.
Some areas are primarily the responsibility of one party. In this case, the table lists the primary responsible party. The Shared designation is used only when two or more parties have significant responsibilities.
Use this table in conjunction with the other information on this page.
| Resource | Incident and Operations Management | Change Management | Identity and Access Management | Security and Regulatory Compliance | Disaster Recovery |
|---|---|---|---|---|---|
| Customer data | Shared | Customer | Customer | Customer | Customer |
| Customer applications | Customer | Customer | Customer | Customer | Customer |
| Managed service instance | DataStax (IBM) | DataStax (IBM) | Shared | DataStax (IBM) | Shared |
| Virtual infrastructure configuration | DataStax (IBM) | DataStax (IBM) | DataStax (IBM) | DataStax (IBM) | DataStax (IBM) |
| Physical infrastructure and datacenters | Cloud provider | Cloud provider | Cloud provider | Cloud provider | Cloud provider |
If you need more assistance or information, contact your account representative or IBM Support.