Shared Responsibility in the Context of Cloud Services like AWS

May 25, 2023

The bullets below summarize this post on shared responsibility.

  • The shared responsibility model is an approach to security and compliance in cloud services, defining the responsibilities of both the cloud service provider (AWS) and the customer.
  • AWS is responsible for the "Security of the Cloud" - protecting the underlying infrastructure, including hardware, software, networking, and facilities running AWS Cloud services.
  • AWS's responsibilities include ensuring physical security of data centers, maintaining network infrastructure integrity, safeguarding foundational software components, updating and patching the infrastructure, and upholding service availability per the SLA.
  • Customers are responsible for the "Security in the Cloud" - determined by the specific AWS cloud services selected, it involves the security configuration of their guest operating systems, databases, and applications.
  • Customers must manage AWS IAM to control access, protect sensitive data through encryption, ensure secure configuration of AWS resources, perform regular auditing and monitoring of activity, and maintain the security of customer-controlled data.
  • The shared responsibility model is vital for risk management in the cloud, ensuring clarity of roles to prevent gaps in security coverage that could be exploited.
  • While the shared model reduces a customer's operational burden, it doesn't eliminate the need for maintaining a robust security system.
  • Understanding the shared responsibility model in AWS allows customers to focus on their core competencies, ensuring a secure and compliant cloud environment.

Cloud computing has transformed the way businesses operate by providing an opportunity for companies to offload IT responsibilities to external service providers. Amazon Web Services (AWS), the leading player in the industry, provides a broad set of cloud services ranging from computing power to storage and databases. Understanding the shared responsibility model becomes crucial as companies migrate their data and applications to the cloud. This model defines who is responsible for what in the complex world of cloud security and compliance.

Shared Responsibility Model:

In the context of AWS, the shared responsibility model is an approach to security and compliance that is shared between AWS and the customer. It clarifies the responsibilities of AWS and the customers to ensure a secure environment.

Under this model, AWS is responsible for the security "of" the cloud, while customers are responsible for the security "in" the cloud.

AWS Responsibilities - "Security of the Cloud":

AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS cloud. This includes hardware, software, networking, and facilities that run AWS Cloud services.

AWS's responsibilities include:

  • Ensuring physical security of data centers.
  • Maintaining the integrity and resilience of the network infrastructure.
  • Safeguarding the hypervisor and other foundational software components.
  • Continual updates and patching of the infrastructure.
  • Ensuring the availability of services according to their Service Level Agreement (SLA).

Customer Responsibilities - "Security in the Cloud":

On the other hand, the customer's responsibility will be determined by the AWS cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.

For services such as Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Simple Storage Service (Amazon S3), for example, AWS operates the infrastructure layer, the operating system, and platforms, and customers are responsible for the security configuration of their guest operating systems, databases, and applications.

The customer's responsibilities include:

  • Management of AWS Identity and Access Management (IAM) to control access to services and resources.
  • Protection of sensitive data through encryption, both at rest and in transit.
  • Secure configuration of AWS resources including security groups, network access control lists, and AWS Key Management Service.
  • Regular auditing and monitoring of activity using services like AWS CloudTrail and AWS Config.
  • Security of customer-controlled data, both in transit and at rest.
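
As an added illustration (not from the original post or from AWS), the Python example below audits several of the customer-side items listed above: IAM, encryption at rest, security groups, and CloudTrail logging. It runs offline against a constructed snapshot shaped like boto3 API responses; the finding labels, the `ADMIN_PORTS` choice, and the sample resource IDs are assumptions.

```python
# Added example; SNAPSHOT is constructed sample data shaped like boto3 responses
# (get_account_summary, describe_security_groups, describe_volumes, describe_trails).
SNAPSHOT = {
    "SummaryMap": {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1},
    "SecurityGroups": [
        {"GroupId": "sg-example-ssh", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-example-web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    ],
    "Volumes": [{"VolumeId": "vol-example-a", "Encrypted": False},
                {"VolumeId": "vol-example-b", "Encrypted": True}],
    "trailList": [{"Name": "example-trail", "IsMultiRegionTrail": False,
                   "LogFileValidationEnabled": True}],
}
ADMIN_PORTS = (22, 3389)  # assumption: SSH/RDP must never be world-reachable

def world_open_admin(perm):
    """True if an ingress rule exposes an admin port to every address."""
    anywhere = (any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
                or any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])))
    if not anywhere:
        return False
    if perm.get("IpProtocol") == "-1":  # "-1" = all protocols and ports
        return True
    if perm.get("IpProtocol") not in ("tcp", "udp"):  # ICMP fields are not ports
        return False
    return any(perm["FromPort"] <= p <= perm["ToPort"] for p in ADMIN_PORTS)

def audit(snap):
    """Return sorted (responsibility, resource, issue) findings."""
    acct, out = snap["SummaryMap"], []
    if not acct.get("AccountMFAEnabled"):
        out.append(("iam", "root", "MFA not enabled"))
    if acct.get("AccountAccessKeysPresent"):
        out.append(("iam", "root", "access keys present"))
    for sg in snap["SecurityGroups"]:
        if any(world_open_admin(p) for p in sg["IpPermissions"]):
            out.append(("network", sg["GroupId"], "admin port open to internet"))
    for vol in snap["Volumes"]:
        if not vol["Encrypted"]:
            out.append(("encryption", vol["VolumeId"], "volume not encrypted"))
    if not any(t["IsMultiRegionTrail"] for t in snap["trailList"]):
        out.append(("logging", "cloudtrail", "no multi-region trail"))
    out += [("logging", t["Name"], "log validation off")
            for t in snap["trailList"] if not t["LogFileValidationEnabled"]]
    return sorted(out)
```

Every finding it returns sits on the customer side of the model: AWS does not change these settings on the customer's behalf.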

Why Shared Responsibility Matters:

The shared responsibility model has a profound effect on risk management in the cloud. It clarifies who is responsible for what and helps prevent gaps in security coverage that could be exploited.

While AWS manages the security of the cloud, security in the cloud is the responsibility of the customer. This shared model can reduce a customer's operational burden in many ways and might reduce risk, but it's crucial to understand that this doesn't remove the need to maintain a robust security system.

The shared responsibility model allows startups to focus on their core competencies, such as developing and scaling applications and gathering insights from data, instead of managing data centers. However, customers must always be aware of their role in this model and should take appropriate measures to protect their data and applications. Understanding shared responsibility in AWS's context enables customers to maintain a secure and compliant cloud environment.
