    According to the shared responsibility model, who is responsible for security in the cloud?

    Mohammed

    Guys, does anyone know the answer?

    Shared Responsibility

    The responsibility for security and compliance is shared between AWS and you. This shared model relieves some of your operational burden because AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.

    You are responsible for managing the guest operating systems (including updates and security patches) and application software, as well as configuring the AWS provided security controls, such as security groups, network access control lists, and identity and access management. You should carefully consider which services you use, because your responsibilities vary depending on the services you choose, the integration of those services in your IT environment, and applicable laws and regulations. Figure 2 shows a typical representation of the shared responsibility model as it applies to infrastructure services, such as Amazon Elastic Compute Cloud (Amazon EC2). It separates most responsibilities into two categories: security of the cloud (managed by AWS) and security in the cloud (managed by the customer). Responsibilities can change, depending on which services you use. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

    However, the shared responsibility model changes with the addition of containers and other services that move the operations model to the service provider. As we move to the left of the operating model, away from IaaS and data centers and towards PaaS, the responsibility of the service provider increases. A customer has fewer responsibilities in the cloud and an easier time operating when migrating to the left of the graph. Note the following figures and the differences in the ability to operate or function in the cloud. As your shared responsibility in the cloud changes, your options for incident response or forensics change also. As the customer, while you plan your incident response, you'll also need to make sure that you plan around the abilities that you have in your operating model, and that you plan the possible interactions before they occur in the model that you have chosen. Planning for and understanding these tradeoffs and matching them with your governance needs is a crucial step in incident response.

    Figure 1: Shared Responsibility Model

    Figure 2: Amazon Elastic Container Service (Amazon ECS) with AWS Fargate Type Shared Responsibility Model

    In addition to the direct relationship you have with AWS, there may be other entities that have responsibilities in your particular responsibility model. For example, you may have internal organizational units that take responsibility for some aspects of your operations. You may also have partners or other third parties that develop, manage, or operate some of your cloud technology.

    Creating an appropriate incident response and forensics runbook that matches your operating model is extremely important. Your success hinges on your understanding of the types of tools that you need to create, or the tools you need to purchase, for the operating model that you have selected. The better your organization understands the tools available, the better prepared you will be to meet the needs of your enterprise’s governance, risk, and compliance (GRC) model.

    Source: docs.aws.amazon.com

    Shared Responsibility Model

    While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Learn more about the Shared Responsibility Model.

    Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud.

    AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

    Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

    This customer/AWS shared responsibility model also extends to IT controls. Just as the responsibility to operate the IT environment is shared between AWS and its customers, so is the management, operation and verification of IT controls shared. AWS can help relieve customer burden of operating controls by managing those controls associated with the physical infrastructure deployed in the AWS environment that may previously have been managed by the customer. As every customer is deployed differently in AWS, customers can take advantage of shifting management of certain IT controls to AWS which results in a (new) distributed control environment. Customers can then use the AWS control and compliance documentation available to them to perform their control evaluation and verification procedures as required. Below are examples of controls that are managed by AWS, AWS Customers and/or both.

    Inherited Controls – Controls which a customer fully inherits from AWS.

    Physical and Environmental controls

    Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:

    Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

    Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

    Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

    Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. Examples include:

    Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

    Applying the AWS Shared Responsibility Model in Practice

    Once a customer understands the AWS Shared Responsibility Model and how it generally applies to operating in the cloud, they must determine how it applies to their use case. Customer responsibility varies based on many factors, including the AWS services and Regions they choose, the integration of those services into their IT environment, and the laws and regulations applicable to their organization and workload.

    The following exercises can help customers in determining the distribution of responsibility based on specific use case:

    Source: aws.amazon.com

    What is shared responsibility model? – Definition from TechTarget.com

    Learn about the shared responsibility model and how it dictates the IT security responsibilities of cloud providers and their customers.

    Kathleen Casey, Site Editor

    Stephen J. Bigelow, Senior Technology Editor

    What is a shared responsibility model?

    A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.

    When an enterprise runs and manages its own IT infrastructure on premises, within its own data center, the enterprise -- and its IT staff, managers and employees -- is responsible for the security of that infrastructure, as well as the applications and data that run on it. When an organization moves to a public cloud computing model, it hands off some, but not all, of these IT security responsibilities to its cloud provider. Each party -- the cloud provider and cloud user -- is accountable for different aspects of security and must work together to ensure full coverage.

    While the responsibility for security in a public cloud is shared between the provider and the customer, it's important to understand how the responsibilities are distributed depending on the provider and the specific cloud model.

    Different types of shared responsibility models

    The type of cloud service model -- infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) -- dictates who is responsible for which security tasks. According to the Cloud Standards Customer Council, an advocacy group for cloud users, users' responsibilities generally increase as they move from SaaS to PaaS to IaaS.

    The cloud service provider's and user's security responsibilities vary depending on whether they're using the IaaS, PaaS or SaaS model.

    IaaS. The cloud provider is responsible for services and storage -- the basic cloud infrastructure components such as virtualization layer, disks and networks. The provider is also responsible for the physical security of the data centers that house its infrastructure. IaaS users, on the other hand, are generally responsible for the security of the OS and software stack required to run their applications, as well as their data.

    PaaS. When the provider supplies a more comprehensive platform, the provider assumes greater responsibility that extends to the platform applications and OSes. For example, the provider ensures that user subscriptions and login credentials are secure, but the user is still responsible for the security of any code or data -- or other content -- produced on the platform.

    SaaS. The provider is responsible for almost every aspect of security, from the underlying infrastructure to the service application, such as an HR or finance tool, to the data the application produces. Users still bear some security responsibilities such as protecting login credentials from phishing or social engineering attacks.

    Pros and cons of a shared responsibility model

    Although cloud computing is a well-established technology, the concept of shared responsibility remains daunting and potentially confusing -- largely because cloud computing has only reached broad acceptance over the last few years. As with most technologies, there are tradeoffs to consider. The benefits are easy to see, such as the following:

    Ease of use. With shared responsibility, the provider shoulders much of the security responsibility for the infrastructure -- relieving that traditional responsibility from computing users. This shortens the list of things users must worry about and can make shared responsibility tasks quicker and easier.

    Solid expertise. Cloud providers devote substantial resources and expertise to infrastructure security, and they are typically quite good at it. This can be a significant benefit for small-to-mid-sized organizations that might lack in-house security expertise.

    Still, any cloud user must consider a series of potential risks or disadvantages in a shared responsibility model, including the following:

    Trust. Users must be able to trust that cloud providers are delivering on their security responsibilities. This can be difficult for large businesses with sensitive data -- and impossible for some types of businesses.

    Knowledge. For users to tackle their part of shared responsibility, they must possess a deep and detailed understanding of the provider's tools, resources and configuration settings to ensure that workloads and data running within the cloud's infrastructure are properly secured -- such as using encryption.

    Changes. Changes happen, and users must understand any changes to the providers' infrastructure or services -- such as API updates -- so that configurations and settings are kept properly secured.

    Source: www.techtarget.com
