Get startedGet started for free

The value of shared fate in cloud risk protection programs

1. The value of shared fate in cloud risk protection programs

Honeybees are known for their collaboration skills. Their success at ensuring the overall health of the hive relies on each bee doing their specific job. Similarly, as a cloud security professional, you, your teammates, and even external organizations sometimes rely on each other. Your success and their success depends on everyone doing their job. In this video, we’ll explore shared fate, a model of how cloud service providers and their customers depend on each other to keep cloud assets secure. With on-premises computing, the responsibility for keeping assets safe is clear. Since the infrastructure is on-site, the organization’s security team takes on all the control and responsibility for securing it. Managing responsibility gets more complicated with hybrid and cloud environments, where infrastructure is provided by cloud service providers, or CSPs. To support this, the shared responsibility model was developed to clarify the responsibility for securing cloud resources. It varies slightly between IaaS, SaaS, and PaaS environments, but the idea is similar between cloud models. Suppose you're working on a cloud security team, and your organization recently became a CSP customer. Here’s how your business relationship might work in a shared responsibility model. The CSP is responsible for the security of the cloud infrastructure and services they provide. This usually includes the security of physical servers and operating systems. The customer is responsible for securing resources in the cloud by configuring resources, managing IAM, and securing applications running in the cloud. The shared responsibility model helps define which tasks belong to customers, and which belong to CSPs. But, it places a clear boundary between the CSP and customer, which can lead to issues or misunderstandings. Under the shared responsibility model, users and CSPs may be unsure about who is responsible for certain tasks. Now back to your organization’s new CSP contract. Your team is ready to begin storing sensitive data with a CSP. Under the shared responsibility model, you —as the customer— may assume that, no matter how you configure the service’s settings, the CSP will keep your organization’s data secure. But the CSP may assume that your organization owns the responsibility of configuring the service correctly. This creates the potential for your security team to misconfigure the service, leading to sensitive data exposure. Another issue with the shared responsibility model is that tasks may be assigned to someone who isn’t the best fit to complete them. For example, your cloud security team may be unsure whether default settings on cloud products are right for the organization’s needs. The shared fate model was designed as a new way of thinking about cloud security, and helps determine how CSPs and customers should collaborate to manage risks. The shared fate model emphasizes the CSP’s involvement in the customer’s entire security journey and offers resources to securely manage their environment at each stage. Both the CSP and the customer share the responsibility of securing cloud infrastructure and resources. This model acknowledges that security issues affect both CSPs and customers and encourages them to work together. In a shared fate model, the CSP plays a more involved role throughout the customer’s journey in the cloud. The CSP guides the customer, and helps with the response if something goes wrong. The shared fate model also includes secure-by-default settings. This means that cloud resources come with robust security settings. If a customer wants to lessen security settings to meet their needs, the CSP will let them know how changing those configurations might affect their environment. In a shared fate model, the CSP makes advanced security features available to the customer, and guides them through configuring these controls. The CSP regularly tests controls in place on their cloud services to make sure everything’s working as it should. So, under the shared fate model, the CSP will accept the risks along with your organization as the customer. The CSP will also work to minimize the risk of their service being misconfigured. CSPs may also provide more secure default settings, give your data security team more guidance, and encrypt the data by default. These measures help keep your organization's data safe, even if your team accidentally misconfigures a setting. When CSPs and users collaborate using the shared fate model, they keep the cloud more secure than ever before. Keep buzzing along and work together to keep cloud assets secure.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.