When you move your business operations into a cloud platform like HubSpot, there's a natural sense of security. Your data lives in a world-class infrastructure, managed by experts, and protected by sophisticated systems. It’s easy to assume that the provider, HubSpot, is therefore completely responsible for keeping every byte of your data safe.
This is a common, and dangerous, misconception.
The relationship between a SaaS provider and a customer is a partnership, governed by what the industry calls the Shared Responsibility Model. Understanding this model isn't just an IT technicality; it's a fundamental principle of modern data governance. It clearly defines what your provider is responsible for and, more importantly, what you are solely responsible for protecting.
What is the Shared Responsibility Model?
Think of it like renting a high-security storage unit. The company that owns the facility is responsible for the building's security: the strong walls, the CCTV, the locked gates, and ensuring the roof doesn't leak. That is the security of the cloud.
However, you are responsible for what you put inside your unit, who you give a key to, and whether you accidentally throw away your own valuables. This is the security in the cloud.
HubSpot operates on this exact principle. They provide a secure environment, but you are responsible for how you manage your data within that environment.
HubSpot’s Responsibility: Security OF the Cloud
HubSpot invests enormous resources into maintaining the security and resilience of its global platform. Their responsibilities include:
- Infrastructure Security: Protecting the physical data centres that house the servers where your data lives.
- Network Security: Managing firewalls, intrusion detection, and other systems to prevent unauthorised access to their network.
- Application Security: Ensuring the HubSpot application itself is robust, patched, and protected from external threats.
- Platform Uptime: Making sure the HubSpot service is available and operational, protecting it from hardware failures or power outages.
HubSpot guarantees that they will provide a secure and functional platform for you to use.
Your Responsibility: Security IN the Cloud
Once you are logged into that secure platform, the responsibility for your data shifts to you. Your organisation is accountable for:
- Access Control: Managing who has administrator access. Deciding which users can view, edit, import, and delete data. If you give the wrong person the wrong permissions, that is your responsibility.
- Protection Against Human Error: HubSpot cannot prevent your team from accidentally deleting a list of 5,000 contacts or overwriting key deal properties during a clumsy CSV import.
- Defending Against Malicious Insiders: A disgruntled employee who intentionally deletes your entire sales pipeline is an internal threat that falls under your responsibility to manage and mitigate.
- Third-Party App Integrations: You choose which apps from the marketplace you connect to your portal. If a faulty or poorly-vetted app corrupts or deletes your data, the accountability lies with you for granting it access.
Ultimately, this leads to the most critical responsibility of all:
- Data Backup and Recovery: Because you are responsible for protecting your data from internal threats, you are also responsible for having a plan to recover it.
The Critical Gap: You Are Responsible for Your Own Recovery
The Shared Responsibility Model makes it clear that whilst HubSpot protects its platform from falling over, it does not protect you from your own actions within it. This is precisely where tools like the recycle bin fall short. The 90-day bin is a feature of the platform, not an independent insurance policy against your responsibilities.
Facing a data loss event caused by human error or a malicious act without a recovery plan is like discovering your storage unit is empty and realising you were the only one with the key.
The only way to fully meet your side of the shared responsibility bargain is to implement an independent, third-party backup solution. This gives you a secure copy of your data, stored separately, that you can restore at any time, regardless of what happens inside your HubSpot portal. It is the definitive way to take control of your responsibilities and ensure your business is protected.
