Holding Up Your End of AWS’ Shared Responsibility Model
Businesses are increasingly turning to the public cloud in order to improve innovation, reduce costs, scale more easily and provide greater access and mobility to employees.
Even with its significant benefits, there are many security implications around cloud adoption that are overlooked far too often. The shared responsibility model is one aspect of cloud security that is often misunderstood, or underestimated, prior to cloud adoption.
The shared responsibility model is a cloud security framework that divides security responsibilities between your team and your cloud service provider. AWS defines its shared responsibility model as “security ‘in’ the cloud” versus “security ‘of’ the cloud.” AWS educates customers on their specific responsibilities throughout the adoption process and provides ample resources, policies and tooling to assist with governance, compliance and security. However, even with this support, customers often struggle to hold up their end of the shared responsibility model in practice, especially as teams, resources and the need for control scale. This blog will discuss how enterprises can hold up their end of AWS’ shared responsibility model and offer tips for making that task easier.
The AWS Model
In AWS’ shared responsibility model, AWS is responsible for protecting the infrastructure that runs all services offered in the AWS Cloud – security “of” the cloud. The customer assumes responsibility for their data, for classifying their assets, and for using identity and access management (IAM) tools to apply the appropriate permissions – security “in” the cloud. The exact scope of customer responsibility depends on which AWS services the customer selects: a managed service shifts more of the stack to AWS, while a server-based service leaves more with the customer. Therefore, it’s important for the customer to be aware of the configuration work involved with their security responsibilities for each service they adopt.
Despite the awareness and training provided, there are grey areas within the model that are the customer’s responsibility and can be easily overlooked, including:
- Identity and Directory Infrastructure: Whatever identity directory your organization employs, it is your responsibility as the customer to control the security configuration and monitoring of that system in an IaaS cloud implementation.
- Applications: Server-based cloud environments, much like on-premises hosts, are a blank slate for installing and maintaining applications and workloads. Any application or workload moved from the data center to a server-based instance in the cloud is the customer’s responsibility to secure.
- Network Controls: The cloud provider (e.g. AWS) only maintains the network that is directly under its control. All networking above the virtualization layer—whether physical or infrastructure-as-code—requires the customer to ensure appropriate security and monitoring policies are in place and configured correctly.
- Operating System: The customer must stay apprised of current vulnerabilities, security patches, and environment hardening exercises to keep server-based cloud resources secured.
Leveraging a CMP to Hold Up Your End of the Deal
The right cloud management platform is key to ensuring your security responsibilities are met and infrastructure processes are optimized. Leveraging CloudSphere’s platform simplifies the management and compliance of the shared responsibility model by making it easy to define multi-cloud controls and policies that span customer bases, accounts, and clouds. With a provider-agnostic single view into each segment of the shared responsibility model, CloudSphere provides a granular level of monitoring out of the box, with customized alert thresholds as needed.
The CloudSphere platform can also assist with governance guardrails. This ensures that every action and task performed throughout the cloud environment is in line with the organization’s cloud approach and compliance requirements, for example through self-service, quota-based orchestration of cloud resources, compliant S3 buckets, and protection against misconfigurations and unmanaged costs.
When working with a cloud provider, it’s critical to be aware of your role in maintaining operations. With the proper cloud management platform, businesses can ensure the criteria of the shared responsibility model are always met. To see how the CloudSphere platform can help, request a free demo here.