Last week we talked about security and compliance in the AWS cloud. This week, we have one more security and compliance-related topic: the concept of "Shared Responsibility" in the AWS cloud.
Shared responsibility is an important concept when we talk about security and compliance. In the AWS cloud, security and compliance is a shared responsibility between AWS and the customer.
Put simply, the shared responsibility model is a management concept that differentiates security "IN" the cloud from security "OF" the cloud.
Shared responsibility as a management concept relieves the customer of the operational burden of the components and infrastructure that AWS operates, manages, and controls. The customer is responsible for the management of the guest operating system and other associated application software. It's vital to understand how AWS services work; depending on the service and IT environment, applicable laws and regulations can vary.
As shown in the chart below, the shared responsibility model differentiates security "IN" the cloud and security "OF" the cloud.
AWS is responsible for protecting the infrastructure (hardware, software, networking, and other facilities) that runs services offered in the AWS Cloud.
Customer responsibility depends on the AWS services that a customer selects. Based on the selected AWS cloud services, the amount of configuration needed to satisfy security and compliance requirements can vary.
As an example, we can compare services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon S3. EC2 is an IaaS (Infrastructure as a Service) service; as such, the customer is responsible for the management and control of the whole EC2 instance. Customers' responsibility includes the management of a guest operating system, application software, and other utilities installed on the instance.
For services like S3 that are abstracted on top of AWS's infrastructure, AWS operates the infrastructure layer (operating system, platform, and customer endpoints). Customers are responsible for the management of their data and the way this data is delivered to AWS (encryption options, permissions, classification).
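The customer side of the S3 split described above (encryption options, permissions, classification, and how data is delivered) can be checked against a bucket's settings. The following is an added example, not code from the original article or from AWS; the bucket names, the sample settings, and the `DataClassification` tag key are assumptions, and the TLS check is simplified to a single `Bool` condition.

```python
import json

CLASSIFICATION_TAG = "DataClassification"  # hypothetical tag key (assumption)
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def enforces_tls(policy_json):
    """True if a Deny statement matches requests with aws:SecureTransport false."""
    statements = json.loads(policy_json or "{}").get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for st in statements:
        value = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if st.get("Effect") == "Deny" and str(value).lower() == "false":
            return True
    return False

def customer_side_gaps(cfg):
    """List the customer-owned controls missing from one bucket's settings."""
    gaps = []
    pab = cfg.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(flag) for flag in PAB_FLAGS):
        gaps.append("permissions: public access block not fully enabled")
    rules = cfg.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in rules):
        gaps.append("encryption: no default server-side encryption rule")
    if not enforces_tls(cfg.get("Policy")):
        gaps.append("delivery: bucket policy does not deny non-TLS requests")
    if CLASSIFICATION_TAG not in {t.get("Key") for t in cfg.get("TagSet", [])}:
        gaps.append("classification: no %s tag" % CLASSIFICATION_TAG)
    return gaps

# Constructed sample settings, shaped like the boto3 S3 responses for
# get_public_access_block, get_bucket_encryption, get_bucket_policy, get_bucket_tagging.
TLS_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-reports/*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
SAMPLE_BUCKETS = {
    "example-reports": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True),
        "ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "Policy": TLS_ONLY,
        "TagSet": [{"Key": CLASSIFICATION_TAG, "Value": "confidential"}]},
    "example-uploads": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True},
        "TagSet": [{"Key": "Owner", "Value": "web-team"}]},
}
```

Calling `customer_side_gaps(SAMPLE_BUCKETS["example-uploads"])` returns one finding per missing customer-side control; none of these checks touch the infrastructure layer that AWS operates.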
The shared responsibility model extends to IT controls; we can differentiate three types of IT controls:
Inherited Controls – Controls which a customer fully inherits from AWS.
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in different contexts. AWS provides the requirements for the infrastructure while the customer provides the requirements within their AWS services. Examples include:
Customer Specific – Controls which are entirely the responsibility of the customer. Examples include:
AWS's "shared responsibility model" helps us differentiate the responsibility of the customer and AWS as a cloud provider. The basic principle is very simple. AWS is responsible for the security OF the cloud - the service that the customer uses. The customer is responsible for the security IN the cloud - the service that the customer installs on top of AWS.
Through the Amazon Partner Network (APN), Sedmi odjel offers services based on AWS infrastructure. As a company, we are very security-aware; our services are aligned with the leading IT and cloud management programs - ISO27001 and ISO27017.
When it comes to security and compliance in the cloud, and based on our years of experience, we can guarantee that the AWS cloud is the right choice for even the most security-sensitive organizations.