AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibility for the security and compliance of Amazon Web Services.  AWS supports the customer by taking on the burden of the operational controls associated with the physical infrastructure, so the customer can focus on securing and building at the software level.

AWS is responsible for security OF the cloud.
The customer is responsible for security IN the cloud.

Figure: AWS Shared Responsibility Model

AWS’s Responsibility

AWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud.  This includes the hardware, software, networking, and facilities that run the AWS Cloud.

Some services under AWS’s responsibility to secure are Compute, Storage, Database, and Networking, as well as the global infrastructure such as Regions, Availability Zones, and Edge Locations.

Customer’s Responsibility

The customer’s responsibility is determined by the services the customer uses, as the type of service determines how much configuration the customer must perform to help secure the system.

These include customer data, the OS, network and firewall configuration, client-side data, encryption and data integrity, and server-side encryption.  Identity and Access Management (IAM) is an important part as well.

As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!

Shared Responsibility Model: Lock Your Door!

A good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility.  If not, then it’s AWS’s responsibility.

Fully Controlled by AWS

  • Physical and Environmental Controls

Shared Controls

AWS provides the requirements for the infrastructure, and the customer provides their own control implementation.

  • Patch Management: AWS patches and fixes flaws within the infrastructure; customers patch OS and applications
  • Configuration Management: AWS configures infrastructure devices; customers configure their own guest OS, databases, and applications
  • Awareness & Training: AWS trains AWS employees; customer trains its own employees

Fully Controlled by Customer

  • Service & Communications Protection/Zone Security: Customer routes or zones data within specific security environments
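The “can I log in and adjust it?” test above and the customer-side controls (firewall configuration, server-side encryption) translate directly into things you can audit in your own account. The script below is an added example, not code from the original post or from AWS: it checks two of those customer responsibilities, security groups that leave an administrative port open to the whole internet and S3 buckets with no default server-side encryption. The input dicts are constructed samples that mirror the shape of the boto3 responses for EC2 describe_security_groups and S3 get_bucket_encryption, so it runs offline; the group IDs, bucket names and the list of “admin” ports are assumptions chosen for the example.

```python
"""Audit a few customer-side ("security IN the cloud") settings.

Added example: the input dicts below are constructed samples shaped like
the boto3 responses for EC2 describe_security_groups and
S3 get_bucket_encryption, so the checks run offline. In a real account
you would feed in the live API responses instead.
"""
from typing import Dict, List, Optional

# Constructed sample (IDs and names are made up): one group leaves SSH open
# to the world, one is properly scoped to an internal CIDR.
SAMPLE_SECURITY_GROUPS = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0000example0001",
            "GroupName": "web-admin",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-0000example0002",
            "GroupName": "db",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            ],
        },
    ]
}

# Constructed sample: per-bucket result of get_bucket_encryption. A bucket with
# no default encryption is represented as None (the live call raises
# ServerSideEncryptionConfigurationNotFoundError in that case).
SAMPLE_BUCKET_ENCRYPTION: Dict[str, Optional[Dict]] = {
    "payroll-exports": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]
        }
    },
    "public-assets": None,
}

# Assumed set of ports where "open to the world" is an unlocked door rather
# than an intentionally public service (SSH, RDP, common database listeners).
ADMIN_PORTS = {22, 3389, 3306, 5432, 1433, 27017}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def rule_is_world_open(perm: Dict) -> bool:
    """True if an ingress permission admits any IPv4 or IPv6 source."""
    v4 = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    v6 = {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool((v4 | v6) & WORLD_CIDRS)


def rule_covers_admin_port(perm: Dict) -> bool:
    """True if the permission's port range touches an administrative port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return False
    return any(lo <= p <= hi for p in ADMIN_PORTS)


def audit_security_groups(response: Dict) -> List[str]:
    """One finding per rule that exposes an administrative port to the world."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if rule_is_world_open(perm) and rule_covers_admin_port(perm):
                findings.append(
                    f"{sg['GroupId']} ({sg['GroupName']}): "
                    f"{perm.get('IpProtocol')} {perm.get('FromPort')}-{perm.get('ToPort')} open to the world"
                )
    return findings


def audit_bucket_encryption(per_bucket: Dict[str, Optional[Dict]]) -> List[str]:
    """One finding per bucket without a default server-side encryption rule."""
    findings = []
    for name, cfg in per_bucket.items():
        rules = (cfg or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
        algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
        if not any(algos):
            findings.append(f"{name}: no default server-side encryption configured")
    return findings


def run_audit() -> List[str]:
    """Run both checks over the constructed samples and return all findings."""
    return audit_security_groups(SAMPLE_SECURITY_GROUPS) + audit_bucket_encryption(SAMPLE_BUCKET_ENCRYPTION)


if __name__ == "__main__":
    for line in run_audit():
        print("FINDING:", line)
```

Both checks fall squarely on the customer side of the line: AWS keeps the network fabric and the storage service itself secure, but whether port 22 is reachable from anywhere or a bucket writes plaintext objects is a setting you can log in and change, which is exactly the test the post proposes.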

Resources
