Who is accountable for security and compliance under the AWS shared responsibility model?

What is AWS Shared Responsibility?

As enterprises look to achieve greater operational efficiency and gain a competitive advantage, they are increasingly turning to cloud service providers like Amazon Web Services to offload their IT infrastructure and computing needs. The advantages afforded by divesting their datacenters in favor of moving to AWS are too many and too impactful to ignore, despite the loss of partial control over data and the accompanying security risks. At the same time, cloud services providers like AWS continue to make significant investments in the security of their services, leading some IT leaders to argue the public cloud may actually be more secure than what can be achieved on premises.

Cloud service providers are software and infrastructure specialists, and have their own dedicated teams responsible for the security of their product. They also have sizable budgets dedicated to security and hire leading IT security experts. Microsoft, as an example, spends $1 billion a year on the security of its products. Not even the largest enterprises are able to match this level of cybersecurity investment. However, despite the near limitless resources Amazon has at its disposal to enhance the security of AWS, directly comparing the security risk facing AWS with that of an on-premises IT infrastructure is misleading.

Like most cloud providers, Amazon focuses on the security “of” its cloud offering. Once a customer starts using AWS, the responsibility for securing the data “in” AWS is shared between Amazon and that customer, which is why AWS security is described as a shared responsibility. This concept, known as the shared responsibility model of cloud security, was created so that IT security teams could adapt to the adoption and proliferation of cloud services.

In practice, this means Amazon protects the underlying infrastructure of AWS from vulnerabilities, intrusions, fraud, and abuse, and provides its customers with the security capabilities they need, which can be configured as required. As an example, Amazon has built one of the most advanced identity and access management services (IAM), which gives customers granular control over user permissions and provisioning. Amazon encourages its customers to follow all the AWS security best practices around IAM configuration and settings. However, it is incumbent on the AWS customer to make the most of an AWS service like IAM; Amazon provides the control, and the customer must configure it correctly.

Gartner underscored the importance of the shared responsibility model when they stated, “Through 2020, 95% of cloud security failures will be the customer’s fault.” Gartner’s prediction implies that the vast majority of enterprises using cloud services will fail to uphold their responsibilities for the security of their data in the cloud.

Division of Responsibility of AWS Security

Since Amazon offers so many different cloud services, it’s imperative for enterprises to understand the division of responsibility between Amazon and its customers. AWS customers are responsible for protecting customer data stored in AWS as well as the custom applications deployed in AWS.

Customers are also responsible for implementing appropriate access control policies using AWS IAM, configuring AWS Security Groups (firewall) to prevent inappropriate access to ports, and enabling AWS CloudTrail. Customers are also responsible for enforcing appropriate data loss prevention policies to ensure compliance with internal and external policies, as well as detecting and remediating threats arising from stolen account credentials or malicious/accidental misuse of AWS.
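As an added example (not code from the original article), the following Python check audits one of the customer-side responsibilities listed above: Security Group rules that open ports to the whole internet. It scans the IpPermissions shape of an EC2 DescribeSecurityGroups response, built here as a constructed sample rather than fetched from an account; the sensitive-port list and the group IDs are assumptions for the example.

```python
"""Flag Security Group ingress rules that expose sensitive ports to 0.0.0.0/0 or ::/0."""
from typing import Dict, List

# Ports where world-open ingress is rarely appropriate (assumption for this example).
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 27017}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _rule_ports(rule: Dict) -> set:
    """Return the sensitive ports covered by a rule; IpProtocol '-1' means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return set(SENSITIVE_PORTS)
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def _rule_sources(rule: Dict) -> set:
    """Collect every IPv4 and IPv6 CIDR the rule accepts traffic from."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return cidrs


def find_world_open_ports(security_groups: List[Dict]) -> List[Dict]:
    """One finding per rule that exposes a sensitive port to the whole internet."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            exposed = _rule_ports(rule)
            public = _rule_sources(rule) & ANYWHERE
            if exposed and public:
                findings.append({"group": sg["GroupId"],
                                 "ports": sorted(exposed),
                                 "sources": sorted(public)})
    return findings


# Constructed sample shaped like a DescribeSecurityGroups response (not real account data).
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-weak", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # SSH open to the world
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}, # HTTPS: expected to be public
    {"GroupId": "sg-example-hardened", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}, # SSH limited to internal range
]

if __name__ == "__main__":
    for finding in find_world_open_ports(SAMPLE_GROUPS):
        print(finding)
```

Against real data, pass the `SecurityGroups` list from `ec2.describe_security_groups()` to `find_world_open_ports` instead of the constructed sample.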

Amazon is focused on securing its software, hardware, and the facilities where AWS services are located. Amazon’s responsibilities include securing its computing, storage, networking, and database services, as well as the security configuration of AWS managed services like Amazon DynamoDB, RDS, Redshift, Elastic MapReduce, Workspaces, etc.


AWS Shared Responsibility Model vs. Customer Responsibility Model

| Responsibility | Customer | AWS |
|---|---|---|
| Preventing or detecting when an AWS account has been compromised | x | |
| Preventing or detecting a privileged or regular AWS user behaving in an insecure manner | x | |
| Configuring AWS services (except AWS Managed Services) in a secure manner | x | |
| Restricting access to AWS services or custom applications to only those users who require it | x | |
| Updating guest operating systems and applying security patches | x | |
| Ensuring AWS and custom applications are being used in a manner compliant with internal and external policies | x | x |
| Ensuring network security (DoS, MITM, port scanning) | x | x |
| Configuring AWS Managed Services in a secure manner | | x |
| Providing physical access control to hardware/software | | x |
| Providing environmental security assurance against things like mass power outages, earthquakes, floods, and other natural disasters | | x |
| Database patching | | x |
| Protecting against AWS zero-day exploits and other vulnerabilities | | x |
| Business continuity management (availability, incident response) | | x |

AWS Shared Responsibility Best Practices

AWS is responsible for providing a service management layer around infrastructure and platform services, including storage and networking. AWS also provides a range of security services and features that customers can use to secure their data and assets. Enterprises remain responsible for protecting the confidentiality, integrity, and availability of their data in the cloud, and for meeting their specific business requirements for information protection. To meet their customer responsibilities in the AWS model, enterprises should build and follow a set of security policies and processes that let them deploy applications and data quickly and securely. This includes taking responsibility for secure operating systems, platforms, and data.

What is the Shared Responsibility Model?

A shared responsibility model defines the cloud security responsibilities of a cloud computing service provider and its customer so that accountability is clear. When an enterprise moves its data and applications to a public cloud, it transfers some, but not all, of its IT security responsibilities to its cloud service provider (CSP). In such a framework, the cloud user and the cloud service provider are accountable for different security responsibilities while working together to maintain full coverage. Under this model, the cloud service provider is responsible for the security of the cloud, while the enterprise customer is responsible for securing the data it puts in the cloud.

What is the AWS customer responsible for according to the AWS shared responsibility model?

Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

Which controls are shared under the AWS shared responsibility model?

Just as the responsibility to operate the IT environment is shared between AWS and its customers, the management, operation, and verification of IT controls is also a shared responsibility. AWS can help customers by managing those controls associated with the physical infrastructure deployed in the AWS environment.

Who is responsible for security in the cloud?

We must note that cloud security is the entire ecosystem of people, processes, policies and technology that serve to protect data and applications which operate in the cloud. The responsibility here is a shared one; shared between the organisation, the cloud provider, and all its users.

Whose responsibility is data security in the Azure shared responsibility model?

Azure customers are responsible for the security “in” their own cloud, or, more simply put, everything that they instantiate, build, and/or use.