Which role is AWS responsible for in the shared responsibility model of security and compliance?
Show
The AWS shared responsibility model defines what you (as an AWS account holder/user) and AWS are responsible for when it comes to security and compliance. Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve customer’s operational burdens as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. AWS are responsible for “Security of the Cloud” .
Customers are responsible for “Security in the Cloud”.
The following diagram shows the split of responsibilities between AWS and the customer: Inherited Controls – Controls which a customer fully inherits from AWS.
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in separate contexts or perspectives. In the AWS shared security model, a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples of shared controls include:
Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. . Examples of customer specific controls include:
Related posts:In this blog, we will learn about AWS Shared Responsibility Model. Almost all the services and applications we see around are based on cloud technology. Many organizations and businesses use the cloud to host their data, applications and services. With this much demand, many learners are preparing themselves for cloud technologies. But without proper learning of cloud security, the knowledge is incomplete. Various services are active in the cloud simultaneously. Both cloud vendor and customer shares some responsibility which we will learn with the following topics:
The Shared Responsibility Model is a cloud security framework that mandates the security obligations of cloud service providers and users to ensure accountability. In simple words, A cloud vendor provides various cloud services to its users. One provides the service, and the other uses it. Both vendor and user share some responsibilities, like the vendor is responsible for the service provided, and the user is responsible for the service usage. Levels of Abstraction in Cloud ComputingSecurity responsibilities can’t be common for all scenarios. Each scenario can demand additional security and responsibility. So, levels of abstraction are the area that pertains to the responsibilities. The levels of abstraction are just the other name for cloud computing service models: IaaS, PaaS, and SaaS.
Read More: Cloud Computing Service Model: IaaS, PaaS and SaaS AWS Shared Responsibility ModelThe biggest challenge that organizations face is the confusion of the responsibilities leading to security compromisation. This confusion gives hackers a blind spot to attack, and many reports claimed the improperly shared security responsibilities as the culprit for various security incidents. Thus, Amazon Web Service (AWS) established the AWS Shared Responsibility Model to clarify responsibilities.
The responsibility of both AWS and the customers varies with the service taken into use. So to make it more clear, we will discuss the shared responsibility model for some specific AWS services. AWS Shared Responsibility Model for EC2Elastic Compute Cloud or EC2 lies under infrastructure as a Service (IaaS), and the responsibility model for both cloud service provider and customer is as follows:
AWS Shared Responsibility for ContainersEC2 virtualize hardware whereas container virtualizes operating system and the responsibility model for both cloud service provider and customer is a follows:
Now, apart from AWS services, AWS Shared Responsibility also extends to IT controls. Also Check: Our blog post on AWS CloudHSM. AWS Shared Responsibility of IT ControlsJust like the IT environment responsibility, the management, operation and verification of IT control are also shared between AWS and customers. AWS can help customers by managing the controls of the physical infrastructure to relieve their burden of operating controls. AWS control and compliance will help customers to evaluate and verify their controls. The examples of controls managed by AWS, customers and both are as follows. Inherited Controls: These Controls are fully inherited by customers from AWS.
Shared Controls: These controls apply to both the infrastructure and customer layers, but in a completely separate perspective. AWS provides the infrastructure requirements, and the customer must provide their own control implementation within their use of AWS services. For example:
Customer-Specific: These controls are solely the responsibility of the customer based on the application they are deploying within AWS services. Examples include:
ConclusionSecurity should not be compromised at any cost, and AWS knows the importance of Cloud Security very well. We covered everything about the AWS Shared Responsibility Model and its importance in this blog and how it removes the confusion between the service provider and the customer. Related/Reference
Next Task For YouOur AWS Solution Architect Associate training program will create a Custom VPC in detail and 30 other Hands-On Labs. If you want to begin your journey towards becoming an AWS Certified Solution Architect Associate, check our FREE CLASS. Which of the following is the responsibility of AWS as part of the shared responsibility model?This shared model relieves some of your operational burden because AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.
Which of the following is AWS responsible for in the shared responsibility model Mcq?In the shared responsibility model, AWS is responsible for providing security of the cloud.
Which is the responsibility of the Azure cloud platform when IT comes to the shared responsibility model?You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).
What are the responsibilities of the cloud service provider in the shared security model?The cloud provider is responsible for services and storage -- the basic cloud infrastructure components such as virtualization layer, disks and networks. The provider is also responsible for the physical security of the data centers that house its infrastructure.
|