Embracing the Shared Responsibility Model in Digital Preservation

February 24, 2025Nathan Tallman
Members, Technical

For institutions dedicated to preserving digital content, ensuring the longevity and integrity of valuable data is a complex challenge. At APTrust, we’ve adopted the shared responsibility model to define and clarify the roles of all stakeholders—APTrust, our members, and our primary cloud service provider, Amazon Web Services (AWS). This model helps us manage risk, maintain security, and ensure that digital preservation efforts remain sustainable.

AWS Shared Responsibility Model: Customers handle security in the cloud (data, apps, OS), while AWS secures the cloud infrastructure (hardware, regions).
Credit: The Shared Responsibility Model, AWS, February 2025.

What is the Shared Responsibility Model?

The shared responsibility model is a framework developed by AWS that outlines how security and operational responsibilities are divided between cloud providers and their customers:

  1. AWS (Cloud Provider): AWS provides and secures the underlying infrastructure, such as storage, networking, and physical data centers. This includes protections against hardware failures, physical security threats, and global availability of storage services.
  2. APTrust (Preservation Service Provider): APTrust is responsible for securely managing and preserving member data within AWS. This includes maintaining system integrity, monitoring for risks, ensuring backups, and developing preservation workflows that comply with best practices.
  3. Members (Data Owners): Our members—universities, libraries, and cultural institutions—are responsible for the content itself. This includes ensuring that files are correctly formatted for long-term preservation, maintaining appropriate metadata, and uploading data in accordance with preservation standards.

How APTrust Adapts the Shared Responsibility Model

APTrust operates in the Customer section (dark blue) of AWS’s shared responsibility graphic, meaning we take an active role in security, operational resilience, and compliance. Here’s how we extend and apply this model to digital preservation:

  • Data Integrity & Risk Management: APTrust continually evaluates risks related to data corruption, file degradation, and evolving storage technologies. We monitor for changes and notify members when action is needed to maintain accessibility and authenticity. Learn more in our Trusted Digital Repository documentation.
  • Security & Access Control: Security risks are shared across the model, with different responsibilities for AWS, APTrust, and members. While AWS secures the infrastructure, APTrust ensures that preservation data is protected against unauthorized access and internal threats. Members, in turn, are responsible for encrypting sensitive content and securing their credentials and access keys. If a bad actor gains access to a member’s keys, liability is shared—AWS secures the platform, APTrust enforces best security practices, and members must manage their own authentication safeguards.
  • Monitoring Software & System Changes: Technology doesn’t stand still, and neither do we. APTrust actively tracks software updates and implements necessary changes to maintain security and performance. Members can learn more about our technology monitoring efforts here.
  • Preservation Technology Watch: To stay ahead of potential risks, APTrust employs a proactive approach to monitoring digital preservation technologies. Read about our technology watch strategy here.
APTrust Shared Responsibility Model: Members handle content stewardship; APTrust manages cloud services; AWS secures infrastructure and global resources.
The APTrust Shared Responsibility Model, February 2025

Lessons from the Frontlines: Data Loss & Recovery

One of the greatest benefits of the shared responsibility model is its role in data recovery. APTrust has learned valuable lessons in navigating data loss and ensuring robust recovery strategies. In this blog post, Lessons from the Frontlines, we share key takeaways from real-world scenarios.

Why This Matters for Digital Preservation

Digital preservation is not just about storing files—it’s about ensuring long-term access and authenticity. By clearly defining responsibilities, the shared responsibility model strengthens preservation strategies and helps institutions mitigate risk. APTrust’s commitment to this model ensures that:

  • Members retain control and responsibility for their content.
  • APTrust maintains a secure and resilient preservation system.
  • AWS provides reliable and scalable infrastructure.

By embracing this model, we will work together to safeguard cultural, academic, and institutional records for future generations.

Members, Technical