Shared Responsibility Model in AWS Cloud

Shared Responsibility Model in AWS Cloud

Last week we talked about security and compliance in the AWS cloud, this week, we have one more security and compliance-related topic. We are talking about the concept of "Shared Responsibility" in the AWS cloud.

Shared responsibility is an important concept when we talk about security and compliance. In the AWS cloud, security and compliance is a shared responsibility between AWS and the customer.

Simply said, a shared responsibility model is the concept of management that differentiates security "IN" the cloud and security "OF" the cloud.

Shared responsibility as a concept of management relieves the customer of operational burden on how AWS operates, manages, and controls its components and infrastructure. The customer is responsible for the management of the guest operating system and other associated application software. It's vital to understand how AWS services work, depending on the service and IT environment, law and applicable regulations can vary.

As shown in the chart below, the shared responsibility model differentiates security "IN" the cloud and security "OF" the cloud.

AWS responsibility - "Security OF the Cloud"

AWS is responsible for protecting the infrastructure (hardware, software, networking, and other facilities) that runs services offered in the AWS Cloud.

Customer responsibility - "Security IN the Cloud"

Customer responsibility depends on the AWS services that a customer selects. Based on the selected AWS cloud services, the amount of configuration needed to satisfy security compliances can vary.

As an example, we can compare services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon S3. EC2 is an IaaS (Infrastructure as a Service) service; as such, the customer is responsible for the management and control of the whole EC2 instance. Customers' responsibility includes the management of a guest operating system, application software, and other utilities installed on the instance.

For services like S3 that are abstracted on the top of AWS's infrastructure, AWS operates the infrastructure layer (operating system, platform, and customer endpoints). Customers are responsible for the management of their data and the way this data is delivered to AWS (encryption options, permissions, classification).

IT controls

Shared responsibility model extends to IT controls; we can differentiate three types of IT controls:

Inherited Controls - Controls which a customer fully inherits from AWS.

• Physical and Environmental controls

Shared Controls - Controls which apply to both the infrastructure layer and customer layers, but in different contexts. AWS provides the requirements for the infrastructure while the customer provides the requirements within their AWS services. Examples include:

• Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
• Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

Customer Specific - Controls which are entirely the responsibility of the customer. Examples include:

• Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

Conclusion

AWS's "shared responsibility model" helps us differentiate the responsibility of the customer and AWS as a cloud provider. The basic principle is very simple. AWS is responsible for the security OF the cloud - the service that the customer uses. The customer is responsible for the security IN the cloud - the service that customer installs on top of AWS.

Trough Amazon Partner Network (APN), Sedmi odjel offers services based on AWS infrastructure. As a company, we are very security-aware; are services are aligned with the leading IT and cloud management programs - ISO27001 and ISO27017.

When we talk about security and compliance in the cloud and based on the years of experience, we can guarantee that AWS cloud is the right choice for even the most security-sensitive organizations.

If you want to know more about cloud migration, cloud technology in general, AWS cloud, or you want to try AWS services:

• visit our cloud migration service page;
• give us a call at +385 1 3141 562;
• contact our sales department at sales@heptabit.com.

---