AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibility for the security and compliance of Amazon Web Services. AWS takes on the burden of the operational controls associated with the physical infrastructure, so the customer can focus on securing and building within the context of software.
AWS is responsible for security OF the cloud.
The customer is responsible for security IN the cloud.
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This includes the hardware, software, networking, and facilities that run the AWS Cloud.
The customer’s responsibility is determined by the services the customer uses, as the type of service determines how much configuration the customer must perform to help secure the system.
These include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption. Identity and Access Management (IAM) is an important part as well.
As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!
Shared Responsibility Model: Lock Your Door!
A good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility. If not, then it’s AWS’s responsibility.
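As an added example (not code from the original post), here is a small offline check for the customer-side items listed above: firewall configuration, server-side encryption, and IAM. It runs over a constructed sample account in the shape of a few describe_* results, so no AWS API is called and the account, resource names and IDs are hypothetical.

```python
"""Added example: flag customer-side settings left 'unlocked'.
Input is a constructed dict shaped like a few boto3 describe_* results;
nothing here talks to AWS."""
from ipaddress import ip_network

# Constructed sample of customer-controlled settings (hypothetical account).
SAMPLE_ACCOUNT = {
    "security_groups": [
        {"GroupId": "sg-0a1", "IpPermissions": [
            {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
        {"GroupId": "sg-0b2", "IpPermissions": [
            {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ]},
    ],
    "s3_buckets": [
        {"Name": "logs", "ServerSideEncryption": "aws:kms"},
        {"Name": "uploads", "ServerSideEncryption": None},
    ],
    "iam_users": [
        {"UserName": "alice", "MFAEnabled": True},
        {"UserName": "svc-deploy", "MFAEnabled": False},
    ],
}

ADMIN_PORTS = {22, 3389}  # SSH and RDP: "doors" that should not face the Internet


def unlocked_doors(account):
    """Return (responsibility area, resource, detail) for each open setting.
    Every area named is on the customer's side of the model."""
    findings = []
    for sg in account["security_groups"]:
        for perm in sg["IpPermissions"]:
            lo, hi = perm["FromPort"], perm["ToPort"]
            if lo == -1:            # -1 means "all traffic" in EC2 rules
                lo, hi = 0, 65535
            if not any(lo <= p <= hi for p in ADMIN_PORTS):
                continue
            for rng in perm["IpRanges"]:
                # A /0 prefix matches every address: the rule is world-open.
                if ip_network(rng["CidrIp"]).prefixlen == 0:
                    findings.append(("firewall configuration", sg["GroupId"],
                                     f"port {lo} open to {rng['CidrIp']}"))
    for bucket in account["s3_buckets"]:
        if not bucket["ServerSideEncryption"]:
            findings.append(("server-side encryption", bucket["Name"], "no default SSE"))
    for user in account["iam_users"]:
        if not user["MFAEnabled"]:
            findings.append(("IAM", user["UserName"], "MFA not enabled"))
    return findings
```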
Fully Controlled by AWS
- Physical and Environmental Controls
Shared Controls: AWS provides the requirements for the infrastructure and the customer provides its own control implementation.
- Patch Management: AWS patches and fixes flaws within the infrastructure; customers patch OS and applications
- Configuration Management: AWS configures infrastructure devices; customers configure their own OS and applications
- Awareness & Training: AWS trains AWS employees; customer trains its own employees
Fully Controlled by Customer
- Service & Communications Protection/Zone Security: Customer routes or zones data within specific security environments