What is a shared responsibility model?

A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
When an enterprise runs and manages its own IT infrastructure on premises, within its own data center, the enterprise -- and its IT staff, managers and employees -- is responsible for the security of that infrastructure, as well as the applications and data that run on it. When an organization moves to a public cloud computing model, it hands off some, but not all, of these IT security responsibilities to its cloud provider. Each party -- the cloud provider and cloud user -- is accountable for different aspects of security and must work together to ensure full coverage.

While the responsibility for security in a public cloud is shared between the provider and the customer, it's important to understand how the responsibilities are distributed depending on the provider and the specific cloud model.

Different types of shared responsibility models

The type of cloud service model -- infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) -- dictates who is responsible for which security tasks. According to the Cloud Standards Customer Council, an advocacy group for cloud users, users' responsibilities generally increase as they move from SaaS to PaaS to IaaS.

The cloud service provider's and user's security responsibilities vary depending on whether they're using the IaaS, PaaS or SaaS model.
Pros and cons of a shared responsibility model

Although cloud computing is a well-established technology, the concept of shared responsibility remains daunting and potentially confusing -- largely because cloud computing has only reached broad acceptance over the last few years. As with most technologies, there are tradeoffs to consider. The benefits are easy to see, such as the following:
Still, any cloud user must consider a series of potential risks or disadvantages in a shared responsibility model, including the following:
The customer's typical cloud security responsibilities

In general terms, a cloud customer is always responsible for configurations and settings that are under their direct control, including the following:
The provider's typical cloud security responsibilities

Public clouds present a vast and complex infrastructure, and cloud providers will always be completely responsible for that infrastructure, including the following components:
Divided cloud security responsibilities

Although many security responsibilities have clear delineations, there are some responsibilities that might be unclear or changeable depending on the service or provider. Users must pay particular attention to provider SLAs and understand the lines of responsibility precisely in the following areas:
Notable shared responsibility model examples

The rule of thumb for shared responsibility is that "if it belongs to you or you can touch it, you're responsible for it." This generally means that a cloud provider is responsible for securing the parts of the cloud that it directly controls, such as hardware, networks, services and facilities that run cloud resources. At the same time, a user is generally responsible for securing anything that they create within the cloud, such as the configuration of a cloud workload, selected services and infrastructure involved in the desired cloud environment. But the actual line isn't always clear and varies depending on the cloud model and provider, as in the examples below:
Although the wording might be similar, users must understand the details of the shared responsibility model that apply to each specific cloud provider. This ensures that no aspect of security is accidentally overlooked, leaving vital business workloads and data exposed.

Best practices for shared responsibility cloud security

Cloud security typically involves an array of resources and services that might require some level of security intervention from both cloud providers and users. Although it's impossible to describe proper security measures for every possible circumstance, there are several best practices that can help to foster better security, such as the following:
This was last updated in April 2022.
Which option is an example of the customer's responsibility in the AWS shared responsibility model?

Examples include: Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Which of the following is a responsibility of AWS under the AWS shared responsibility model?

According to the AWS Shared Responsibility Model, AWS is responsible for the Security of the Cloud and the customer is responsible for the Security in the Cloud.
Which one is responsible of customer AWS?

The Shared Responsibility Model: While AWS manages the security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks.
Which of the following is the responsibility of AWS according to the shared security model? Choose 3 answers from the options given below.

The responsibility of AWS includes the following: 1) Securing edge locations 2) Monitoring physical device security 3) Implementing Service Organization Control (SOC) standards.