    Which of the following models defines the responsibility of security in and of the cloud?

    Mohammed

    Guys, does anyone know the answer?

    Shared Responsibility Model

    The problem isn’t the cloud itself, it’s how you’re handling security in the cloud that matters. Read to know your role in the shared responsibility model.

    What is the Shared Responsibility Model? Your Cloud Security Responsibilities Defined

    Is your organisation taking advantage of the benefits of cloud computing? And if so, do you understand the responsibilities that come with securing your environment? These are big questions for many organisations in the modern workplace. In this post we will take a dive into the current state of cloud adoption, and the framework – called the Shared Responsibility Model – which helps organisations understand their obligations in ensuring the security of their data and assets in the cloud.

    The Current State of Cloud

    Cloud computing is far from a new concept, with the term itself attributed by many to Google’s then CEO Eric Schmidt at an August 2006 industry conference. Since that time, it has become a part of the business vernacular, with increasing adoption year on year.

    In simple terms, “the cloud” is an all-encompassing term that applies to the space on shared servers hosted by third parties that businesses can rent. It acts as an alternative to the more expensive and demanding solution of organisations owning and maintaining a physical infrastructure on-premise. There are many benefits to moving your organisation to the cloud. Among these are potentially reduced IT infrastructure and operating costs as well as access to far greater economies of scale.

    But if it’s all about benefits to a business, why are there many yet to take the plunge? The reluctance of some organisations is largely based on concerns around security. According to LogicMonitor’s Cloud Vision 2020: The Future of the Cloud report, 66 per cent of IT professionals say that security is their primary concern in adopting an enterprise cloud computing strategy. 60 per cent also highlighted fears around governance and compliance as being a key factor.

    This perception of greater security risk has led some organisations to delay a migration to cloud, but the reality is that the cloud itself shouldn’t be any less secure than your on-premise infrastructure – the primary issue is a lack of understanding of how to employ best practice. Indeed, the security features available to you in the cloud can actually provide greater security than on-premise, assuming they are effectively utilised. This is where understanding the Shared Responsibility Model is vital. Whether your organisation has already moved to a cloud or hybrid environment, or is currently contemplating the change, it is critical that you understand your responsibilities when it comes to cloud security.

    As Jay Heiser, Vice President Analyst of Gartner once said: CIOs must change their line of questioning from “Is the cloud secure?” to “Am I using the cloud securely?”

    What is the Shared Responsibility Model?

    The Shared Responsibility Model is a globally accepted cloud security framework that reflects the security obligations and responsibilities of your cloud provider and those that belong to you, the customer.

    While the responsibilities are clearly outlined in the model, there is some persistent misunderstanding of the line in the sand – perhaps defined as simply as “security of the cloud” and “security in the cloud”. More on that in a moment. Historically speaking, organisations that maintained everything in an on-premise datacentre would have effectively held responsibility for all aspects of their security, both physical and virtual.

    Now that the infrastructure has moved to a third-party cloud provider – AWS or Azure for example – they hold responsibility for ensuring that the infrastructure is secure. Meanwhile, you the customer are responsible for everything from assets and data to apps that sit within the cloud environment.

    It is also important to consider which cloud workloads or services you are utilising, as there are key differences in responsibility ownership within the model.

    What are the different workloads?

    Infrastructure as a Service (IaaS): provides organisations with access to physical or virtual servers, networking and storage

    Platform as a Service (PaaS): provides organisations with access to operating systems and software to develop applications

    Software as a Service (SaaS): provides users with access to specific applications as a service via web or app

    The following diagram from Microsoft illustrates your areas of responsibility across all workloads (SaaS, IaaS, PaaS and on-premise).

    While there are some areas where responsibility changes depending on your service type, there are some defined rules:

    For all cloud workloads your service provider manages the physical aspects – hosts, networks and datacentres

    For all cloud workloads you own responsibility for your data, endpoints, accounts, identities, and access management

    Why is the Shared Responsibility Model Important?

    According to Gartner’s latest forecast, “through 2025, 99 per cent of cloud security failures will be the customer’s fault”. Whilst that is an alarming projection, it does tell us that organisations that are already in the cloud or are moving to it must absolutely understand their responsibilities if they want to benefit from the cloud securely.

    Source: www.threatscape.com

    Shared Responsibility Model

    While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Learn more about the Shared Responsibility Model.

    Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud.

    AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

    Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

    This customer/AWS shared responsibility model also extends to IT controls. Just as the responsibility to operate the IT environment is shared between AWS and its customers, so is the management, operation and verification of IT controls shared. AWS can help relieve customer burden of operating controls by managing those controls associated with the physical infrastructure deployed in the AWS environment that may previously have been managed by the customer. As every customer is deployed differently in AWS, customers can take advantage of shifting management of certain IT controls to AWS which results in a (new) distributed control environment. Customers can then use the AWS control and compliance documentation available to them to perform their control evaluation and verification procedures as required. Below are examples of controls that are managed by AWS, AWS Customers and/or both.

    Inherited Controls – Controls which a customer fully inherits from AWS.

    Physical and Environmental controls

    Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:

    Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

    Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

    Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

    Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. Examples include:

    Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

    Applying the AWS Shared Responsibility Model in Practice

    Once a customer understands the AWS Shared Responsibility Model and how it generally applies to operating in the cloud, they must determine how it applies to their use case. Customer responsibility varies based on many factors, including the AWS services and Regions they choose, the integration of those services into their IT environment, and the laws and regulations applicable to their organization and workload.

    The following exercises can help customers in determining the distribution of responsibility based on specific use case:

    Source: aws.amazon.com

    What is shared responsibility model? – Definition from TechTarget.com

    Learn about the shared responsibility model and how it dictates the IT security responsibilities of cloud providers and their customers.

    DEFINITION

    shared responsibility model

    Kathleen Casey, Site Editor

    Stephen J. Bigelow, Senior Technology Editor

    What is a shared responsibility model?

    A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.

    When an enterprise runs and manages its own IT infrastructure on premises, within its own data center, the enterprise -- and its IT staff, managers and employees -- is responsible for the security of that infrastructure, as well as the applications and data that run on it. When an organization moves to a public cloud computing model, it hands off some, but not all, of these IT security responsibilities to its cloud provider. Each party -- the cloud provider and cloud user -- is accountable for different aspects of security and must work together to ensure full coverage.

    While the responsibility for security in a public cloud is shared between the provider and the customer, it's important to understand how the responsibilities are distributed depending on the provider and the specific cloud model.

    Different types of shared responsibility models

    The type of cloud service model -- infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) -- dictates who is responsible for which security tasks. According to the Cloud Standards Customer Council, an advocacy group for cloud users, users' responsibilities generally increase as they move from SaaS to PaaS to IaaS.

    The cloud service provider's and user's security responsibilities vary depending on whether they're using the IaaS, PaaS or SaaS model.

    IaaS. The cloud provider is responsible for services and storage -- the basic cloud infrastructure components such as virtualization layer, disks and networks. The provider is also responsible for the physical security of the data centers that house its infrastructure. IaaS users, on the other hand, are generally responsible for the security of the OS and software stack required to run their applications, as well as their data.

    PaaS. When the provider supplies a more comprehensive platform, the provider assumes greater responsibility that extends to the platform applications and OSes. For example, the provider ensures that user subscriptions and login credentials are secure, but the user is still responsible for the security of any code or data -- or other content -- produced on the platform.

    SaaS. The provider is responsible for almost every aspect of security, from the underlying infrastructure to the service application, such as an HR or finance tool, to the data the application produces. Users still bear some security responsibilities such as protecting login credentials from phishing or social engineering attacks.

    Pros and cons of a shared responsibility model

    Although cloud computing is a well-established technology, the concept of shared responsibility remains daunting and potentially confusing -- largely because cloud computing has only reached broad acceptance over the last few years. As with most technologies, there are tradeoffs to consider. The benefits are easy to see, such as the following:

    Ease of use. With shared responsibility, the provider shoulders much of the security responsibility for the infrastructure -- relieving that traditional responsibility from computing users. This shortens the list of things users must worry about and can make shared responsibility tasks quicker and easier.

    Solid expertise. Cloud providers devote substantial resources and expertise to infrastructure security, and they are typically quite good at it. This can be a significant benefit for small-to-mid-sized organizations that might lack in-house security expertise.

    Still, any cloud user must consider a series of potential risks or disadvantages in a shared responsibility model, including the following:

    Trust. Users must be able to trust that cloud providers are delivering on their security responsibilities. This can be difficult for large businesses with sensitive data -- and impossible for some types of businesses.

    Knowledge. For users to tackle their part of shared responsibility, they must possess a deep and detailed understanding of the provider's tools, resources and configuration settings to ensure that workloads and data running within the cloud's infrastructure are properly secured -- such as using encryption.

    Changes. Changes happen, and users must understand any changes to the providers' infrastructure or services -- such as API updates -- so that configurations and settings are kept properly secured.

    Source: www.techtarget.com
