Which of the following regarding the shared responsibility model does the customer assume?
In AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibilities for security and compliance of Amazon Web Services. This allows AWS to support the customer by taking on the burden of operations control associated with the physical infrastructure so the customer can focus on securing and producing within the context of software. Show
AWS is responsible for security OF the cloud. (AWS Shared Responsibility Model) AWS’s ResponsibilityAWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud. This can be hardware, software, networking, and facilities that help run the AWS Cloud. Some services under AWS’s responsibility to secure are Compute, Storage, Database, Networking, and global infrastructures such as Regions, Availability Zones, and Edge Locations. Customer’s ResponsibilityThe customer’s responsibility is determined by the services the customer uses, as the type of service determines the amount of configuration he must perform to help secure the system. These include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption. Identity Access Management (IAM) is an important part as well. As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked! Shared Responsibility Model: Lock Your Door!Good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility. If not, then it’s AWS’s responsibility. A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability. When an enterprise runs and manages its own IT infrastructure on premises, within its own data center, the enterprise -- and its IT staff, managers and employees -- is responsible for the security of that infrastructure, as well as the applications and data that run on it. When an organization moves to a public cloud computing model, it hands off some, but not all, of these IT security responsibilities to its cloud provider. Each party -- the cloud provider and cloud user -- is accountable for different aspects of security and must work together to ensure full coverage. While the responsibility for security in a public cloud is shared between the provider and the customer, it's important to understand how the responsibilities are distributed depending on the provider and the specific cloud model. Different types of shared responsibility modelsThe type of cloud service model -- infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) -- dictates who is responsible for which security tasks. According to the Cloud Standards Customer Council, an advocacy group for cloud users, users' responsibilities generally increase as they move from SaaS to PaaS to IaaS. This article is part of What is public cloud? Everything you need to know
Download1 Download this entire guide for FREE now!
Pros and cons of a shared responsibility modelAlthough cloud computing is a well-established technology, the concept of shared responsibility remains daunting and potentially confusing -- largely because cloud computing has only reached broad acceptance over the last few years. As with most technologies, there are tradeoffs to consider. The benefits are easy to see, such as the following:
Still, any cloud user must consider a series of potential risks or disadvantages in a shared responsibility model, including the following:
The customer's typical cloud security responsibilitiesIn general terms, a cloud customer is always responsible for configurations and settings that are under their direct control, including the following:
The provider's typical cloud security responsibilitiesPublic clouds present a vast and complex infrastructure, and cloud providers will always be completely responsible for that infrastructure, including the following components:
Divided cloud security responsibilitiesAlthough many security responsibilities have clear delineations, there are some responsibilities that might be unclear or changeable depending on the service or provider. Users must pay particular attention to provider SLAs and understand the lines of responsibility precisely in the following areas:
Notable shared responsibility model examplesThe rule of thumb for shared responsibility is that "if it belongs to you or you can touch it, you're responsible for it." This generally means that a cloud provider is responsible for securing the parts of the cloud that it directly controls, such as hardware, networks, services and facilities that run cloud resources. At the same time, a user is generally responsible for securing anything that they create within the cloud, such as the configuration of a cloud workload, selected services and infrastructure involved in the desired cloud environment. But the actual line isn't always clear and varies depending on the cloud model and provider, as in the examples below:
Although the wording might be similar, users must understand the details of the shared responsibility model that apply to each specific cloud provider. This ensures that no aspect of security is accidentally overlooked, leaving vital business workloads and data exposed. Best practices for shared responsibility cloud securityCloud security typically involves an array of resources and services that might require some level of security intervention from both cloud providers and users. Although it's impossible to describe proper security measures for every possible circumstance, there are several best practices that can help to foster better security, such as the following: Which of the following are correct statements regarding the AWS shared responsibility model?The shared responsibility model can include IT controls, and it is not just limited to security considerations. Therefore, answer C is correct.
Which of the following is a shared responsibility of both AWS and the customer?Security and Compliance is a shared responsibility between AWS and the customer.
What is the shared responsibility model?What is a shared responsibility model? A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
Which of the following is AWS responsible for in the shared responsibility model?This shared model relieves some of your operational burden because AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.
|