Do you know where AWS' security responsibility ends and yours begins? Try your hand with this quick quiz.
By
- Stephen J. Bigelow,
Published: 06 Feb 2018
In a traditional data center, an enterprise exercises total control over its facility and assumes full responsibility for infrastructure security and operation. But with the public cloud, that all changes, and now, many users need to grow accustomed to the AWS shared responsibility model.
Public cloud adopters can shed the expense and management burden of traditional IT infrastructure in favor of on-demand, pay-as-you-go services. But they also surrender control and insight into that infrastructure and must trust the provider to ensure availability and security.
While AWS says it can provide secure cloud infrastructure, it cannot guarantee the security of workloads in the cloud. It's a subtle but profound distinction that delineates the separation between providers and users. When you migrate workloads and data to the cloud, it doesn't absolve you of regulatory compliance and corporate governance obligations. The provider can deliver tools and technologies necessary to protect an environment, but it's up to users to implement them to secure workloads and data.
Thus, AWS and its users share security responsibilities. See how much you know about the AWS shared responsibility model and your cloud accountability with this brief quiz.
Dig Deeper on AWS infrastructure
-
What is data separation and why is it important in the cloud?
By: Stephen Bigelow
-
shared responsibility model
By: Kathleen Casey
-
GovTech to enhance Government on Commercial Cloud
By: Aaron Tan
-
Cloud misconfiguration a growing cause of security incidents
By: Sebastian Klovig Skelton
Some key information on security in the cloud, as well as AWS and customer responsibilities.
The AWS Shared Responsibility Model
Throughout this course, you have learned about a variety of resources that you can create in the AWS Cloud. These resources include Amazon EC2 instances, Amazon S3 buckets, and Amazon RDS databases. Who is responsible for keeping these resources secure: you (the customer) or AWS?
The answer is both. The reason is that you do not treat your AWS environment as a single object. Rather, you treat the environment as a collection of parts that build upon each other. AWS is responsible for some parts of your environment and you (the customer) are responsible for other parts. This concept is known as the shared responsibility model.
The shared responsibility model divides into customer responsibilities (commonly referred to as “security in the cloud”) and AWS responsibilities (commonly referred to as “security of the cloud”).
You can think of this model as being similar to the division of responsibilities between a homeowner and a homebuilder. The builder (AWS) is responsible for constructing your house and ensuring that it is solidly built. As the homeowner (the customer), it is your responsibility to secure everything in the house by ensuring that the doors are closed and locked.
Customers: Security in the Cloud
Customers are responsible for the security of everything that they create and put in the AWS Cloud.
When using AWS services, you, the customer, maintain complete control over your content. You are responsible for managing security requirements for your content, including which content you choose to store on AWS, which AWS services you use, and who has access to that content. You also control how access rights are granted, managed, and revoked.
The security steps that you take will depend on factors such as the services that you use, the complexity of your systems, and your company’s specific operational and security needs. Steps include selecting, configuring, and patching the operating systems that will run on Amazon EC2 instances, configuring security groups, and managing user accounts.
AWS: Security of the Cloud
AWS is responsible for security of the cloud.
AWS operates, manages, and controls the components at all layers of infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of the data centers from which services operate.
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure includes AWS Regions, Availability Zones, and edge locations.
AWS manages the security of the cloud, specifically the physical infrastructure that hosts your resources, which include:
- Physical security of data centers
- Hardware and software infrastructure
- Network infrastructure
- Virtualization infrastructure
Although you cannot visit AWS data centers to see this protection firsthand, AWS provides several reports from third-party auditors. These auditors have verified its compliance with a variety of computer security standards and regulations.