AWS Shared Responsibility Model
1. AWS Shared Responsibility Model
Let's begin by understanding why cloud security is important.
2. Why cloud security is important?
Many large companies store sensitive data on behalf of their customers. This could be financial information or health data. Data breaches cause loss of customer trust. In regulated industries, companies are required to maintain appropriate access controls. Failure to do so may result in revocation of license. Finally, there are financial consequences. Between 2018 and 2022, in the US, the FBI received cybercrime-related complaints with a total loss of $27.6 billion. Clearly security is important, but who is responsible for security when using AWS? AWS itself, or the consumer?
3. Shared responsibility model
Cloud security is a shared responsibility between AWS and its customers. Depending on specific services used, customer responsibilities may change. For example, if you rent a server, AWS maintains the hardware. This includes hard disk, networking, backup power, and cooling. The customer maintains security for the operating system and software.
4. Shared responsibility model
This division of responsibility is similar to a tenant-landlord relationship. The landlord is responsible for the maintenance including the exterior color but the tenant has to take out the trash. Let's look at an example.
5. Security in the cloud - Customer responsibilities
Yummy is a paid recipe app. Yummy hosts their servers and database in the cloud. In this case, Yummy is responsible for the security of login information to servers and the databases. In addition, they need to maintain all the applications installed on the server and keep any encryption keys secure. Let's review AWS responsibilities to keep Yummy's app secure.
6. Security of the cloud - AWS responsibilities
Yummy rents multiple virtual machines. Its hardware is hosted inside a data center. AWS is responsible for the physical security of buildings, the equipment, networking, power backup, and infrastructure software (e.g. routing software). AWS is also responsible for ensuring redundancy in their infrastructure.
7. How responsibilities change?
However, certain decisions that cloud customers make might impact their security responsibilities. For example, when renting virtual servers, the customers are responsible for server security and updates. But some organizations prefer the convenience of not managing servers and instead focus on their application code. AWS offers serverless solutions for them. For example, Lambda for short-duration scripts and AWS Glue for ETL and Spark code.
8. Let's practice!
Let's jump into some exercises investigating a few AWS security tools.