
Shared Responsibility Model in AWS Cloud

4 months ago

Last week we talked about security and compliance in the AWS cloud. This week, we have one more security and compliance-related topic: the concept of "Shared Responsibility" in the AWS cloud.

Shared responsibility is an important concept when we talk about security and compliance. In the AWS cloud, security and compliance is a shared responsibility between AWS and the customer.

Simply said, a shared responsibility model is the concept of management that differentiates security "IN" the cloud and security "OF" the cloud.

Shared responsibility as a concept of management relieves the customer of operational burden, because AWS operates, manages, and controls its own components and infrastructure. The customer is responsible for the management of the guest operating system and other associated application software. It's vital to understand how AWS services work, because applicable laws and regulations can vary depending on the service and IT environment.

As shown in the chart below, the shared responsibility model differentiates security "IN" the cloud and security "OF" the cloud.

[Figure: shared responsibility model schema]

AWS responsibility - "Security OF the Cloud"

AWS is responsible for protecting the infrastructure (hardware, software, networking, and other facilities) that runs services offered in the AWS Cloud.

Customer responsibility - "Security IN the Cloud"

Customer responsibility depends on the AWS services that a customer selects. Based on the selected AWS cloud services, the amount of configuration needed to satisfy security and compliance requirements can vary.

As an example, we can compare services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon S3. EC2 is an IaaS (Infrastructure as a Service) service; as such, the customer is responsible for the management and control of the whole EC2 instance. Customers' responsibility includes the management of a guest operating system, application software, and other utilities installed on the instance.

For services like S3 that are abstracted on top of AWS's infrastructure, AWS operates the infrastructure layer (operating system, platform, and customer endpoints). Customers are responsible for the management of their data and the way this data is delivered to AWS (encryption options, permissions, classification).
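The customer-side S3 duties named above (encryption options, permissions, classification) can be checked mechanically. The following is an added example, not code from the original article or from AWS: it audits constructed configuration snapshots whose nested structures follow the shape of the S3 GetBucketEncryption, GetPublicAccessBlock, GetBucketPolicy and GetBucketTagging responses. The snapshot keys (`encryption`, `public_access_block`, `policy`, `tagging`), the `DataClassification` tag key and the bucket names are assumptions made for the example.

```python
import json

# Hypothetical tag key; substitute your organisation's classification convention.
CLASSIFICATION_TAG = "DataClassification"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
ANYONE = ("*", {"AWS": "*"}, {"AWS": ["*"]})  # wildcard principal forms

def audit_bucket(cfg):
    """Return customer-side findings for one bucket's configuration snapshot."""
    findings = []
    # Encryption options: a default server-side encryption rule must exist.
    rules = cfg.get("encryption", {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append("encryption: no default server-side encryption rule")
    # Permissions: all four public access block flags should be enabled.
    pab = cfg.get("public_access_block", {}).get("PublicAccessBlockConfiguration", {})
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        findings.append("permissions: public access block off for " + ", ".join(off))
    # Permissions: flag Allow statements open to any principal with no Condition.
    stmts = json.loads(cfg.get("policy") or "{}").get("Statement", [])
    for stmt in stmts if isinstance(stmts, list) else [stmts]:
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ANYONE and not stmt.get("Condition"):
            findings.append("permissions: statement %s allows any principal" % stmt.get("Sid", "<no Sid>"))
    # Classification: the bucket should carry a classification tag.
    tags = {t["Key"]: t["Value"] for t in cfg.get("tagging", {}).get("TagSet", [])}
    if not tags.get(CLASSIFICATION_TAG):
        findings.append("classification: missing %s tag" % CLASSIFICATION_TAG)
    return findings

# Constructed sample snapshots (not real buckets or real API output).
SAMPLE = {
    "example-reports": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        "public_access_block": {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
        "tagging": {"TagSet": [{"Key": "DataClassification", "Value": "internal"}]},
    },
    "example-uploads": {
        "public_access_block": {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True}},
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-uploads/*"}]}),
    },
}

if __name__ == "__main__":
    for name, cfg in SAMPLE.items():
        print(name, audit_bucket(cfg) or "OK")
```

Every finding it reports sits on the customer side of the model; nothing in the snapshot concerns the infrastructure layer that AWS operates.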

IT controls

The shared responsibility model extends to IT controls; we can differentiate three types of IT controls:

Inherited Controls - Controls which a customer fully inherits from AWS.

  • Physical and Environmental controls

Shared Controls - Controls which apply to both the infrastructure layer and customer layers, but in different contexts. AWS provides the requirements for the infrastructure while the customer provides the requirements within their AWS services. Examples include:

  • Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
  • Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

Customer Specific - Controls which are entirely the responsibility of the customer. Examples include:

  • Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

Conclusion

AWS's "shared responsibility model" helps us differentiate the responsibility of the customer and AWS as a cloud provider. The basic principle is very simple. AWS is responsible for the security OF the cloud - the service that the customer uses. The customer is responsible for the security IN the cloud - the service that the customer installs on top of AWS.

Through Amazon Partner Network (APN), Sedmi odjel offers services based on AWS infrastructure. As a company, we are very security-aware; our services are aligned with the leading IT and cloud management programs - ISO27001 and ISO27017.

When we talk about security and compliance in the cloud and based on the years of experience, we can guarantee that AWS cloud is the right choice for even the most security-sensitive organizations.
