AWS shared responsibility model lies at the foundation of AWS security and helps enterprises to improve the overall security of the cloud environment. The implementation of the AWS shared responsibility model is not the sole responsibility of one player but it is shared between AWS and the customer.
You have to understand which security controls are AWS’s responsibility and which are yours. With a solid understanding of the AWS shared responsibility model, it is easy to build and maintain a high-security environment.
|AWS Responsibilities||Customer Responsibilities||AWS Shared Responsibilities|
|Global Infrastructure AWS Hardware AWS Software||Customer Data IAM (Identity and access management) Data or File System Encryption Service & communication protections Network Traffic protections||IT controls Configuration Management Patch Management Training and Awareness|
In every aspect, security is considered the major priority by AWS. During the last few years, enterprises were reluctant to adopt a cloud environment due to security reasons. To overcome this hesitation, AWS needs to be at the top of security excellence and governance. AWS has become popular security standard today serving most security - sensitive customers around.
AWS services are distributed or deployed exactly the same way throughout their entire global infrastructure. Also, document backup is covered by the same strict security standards for large corporations. AWS is responsible for the global security of the cloud as a whole while customers are responsible to maintain the security of their specific instances.
When a customer chooses any of the Amazon’s infrastructure as a service, he needs to perform all the necessary configurations and management tasks as follows:
AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services:
To help you in better understanding, the AWS shared responsibility model, it has been divided into three major categories:
AWS infrastructure security elements include regions, edge locations, availability zones and the foundations of their compute, database and network services. AWS controls access to their data centers where sensitive customer data is stored. It covers physical access to networking and hardware components, additional data center facilities like UPS systems, generators, PDUs, fire suppression systems etc. Majorly, AWS is responsible for components management that makes up the cloud and stored within your system.
When global infrastructure is secured and maintained by the AWS, the responsibility for firewall configurations, OS configuration, network management, IAM, and application security falls on the customers. If the customer wanted to add extra security features then it is entirely based on him.
It is usually decided on the basis of nature of a business and existing security controls. It is recommended tightening security to the maximum extent with minimum exposure to external threats that could compromise your environment. The important thing to focus here is that AWS offers many powerful security controls but how to apply them in your favor is your responsibility, not the AWS.
The popular Container services in AWS include:
It is clear that application management with OS and network configuration has shifted to being the responsibility of AWS and no longer down to us as the customer to manage. This is the major difference between infrastructure-based services and container-based services in AWS. However, not all responsibilities are shifted. You can notice clearly that firewall configuration remains with the end-user which integrates at the application management level.
The popular abstract services in AWS include:
Here, you can notice that more responsibilities are shifted to AWS mainly network traffic protection and encryption. The customer is responsible for IAM, client-side data encryption and data integrity encryption majorly at the abstract layer. As we progress through the layers in the Aws share responsibility model, it is clear that control and responsibilities shift more towards AWS and customer becomes free. You can clearly observe the difference below between different layers of the model how responsibilities are shared and shifted to the AWS one by one. To choose the right AWS model for your business, you should analyze the business requirements first and try to know which method can deliver the best results based on your needs. It is not an easy task for the customer reaching the final decision. So, it is recommended taking helps from AWS experts and learn about the best AWS shared responsibility model for your business. Conclusion:
The AWS shared responsibility model is designed to maximize the overall security of Amazon’s cloud infrastructure. By educating their customers on how to manage or maintain strong operational protections, both Amazon and customers can feel more protected.
The mutual responsibilities of shared security gives assurance to Amazon that they don’t have to manage every security aspect directly and helps customers feel like Amazon can adjust to their specific security needs.
When security responsibilities are shared, customer awareness is the key with a depth understanding of risks associated with trusting a third-party. This freedom can be a huge set for lowering down the costs and increases the overall quality of services.
To know more on Shared responsibility model and its implementation, learn practical aspects of the cloud with JanBask Training and join our AWS certification course to become a valuable IT resource in the cloud domain.
A dynamic, highly professional, and a global online training course provider committed to propelling the next generation of technology learners with a whole new way of training experience.
Receive Latest Materials and Offers on AWS Course