What is the shared responsibility model?

The Shared Responsibility Model is a cloud security framework that defines the security obligations of the cloud provider and its users, establishing accountability. The framework defines which components the cloud service provider (CSP) is responsible for and which must be protected by the user/customer.

It generally states that the CSP is responsible for the security of the cloud while the client is responsible for the security of the data in the cloud.

For services, applications, and controls between these ownership levels, security responsibility varies by cloud provider and service type. For example, a cloud client has more security responsibilities in an Infrastructure as a Service (IaaS) model than in a Software as a Service (SaaS) model.

Shared Responsibility Model Explained Using AWS EC2 Example

For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is classified as Infrastructure as a Service (IaaS) and requires the customer to perform all necessary security and management tasks.

When customers deploy Amazon EC2 instances, they manage the guest operating system, any applications they install on those instances, and the firewall configuration provided on those instances.

To ensure security in this cloud environment, the customer is responsible for and manages the configuration of the guest operating system (including updates and security patches), other related application software, and the AWS-provided security group firewalls.

Moreover, the client is also responsible for data control, asset classification, and implementing appropriate permissions to manage identity and access. This puts the primary responsibility for properly configuring the security of the provided service on the client, such as applying permissions at the IAM platform and user/group level.
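
The customer-side checks described above (security group firewalls and IAM permissions) can be audited from exported configuration. The following is an added example, not code from the original article or from AWS: it reads data in the shape returned by `aws ec2 describe-security-groups` and an IAM policy document, and the group IDs, the policy and the choice of "administrative" ports are constructed assumptions.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as administrative

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]}

# Constructed customer-managed IAM policy document.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

def open_to_world(rule):
    """True if the ingress rule admits any IPv4 or IPv6 source (a /0 prefix)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def exposed_admin_ports(groups):
    """Return (group id, service) pairs where an admin port is reachable from anywhere."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not open_to_world(rule):
                continue
            if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
                hit = sorted(ADMIN_PORTS)
            elif rule["IpProtocol"] == "tcp":
                hit = [p for p in sorted(ADMIN_PORTS) if rule["FromPort"] <= p <= rule["ToPort"]]
            else:
                hit = []
            findings += [(sg["GroupId"], ADMIN_PORTS[p]) for p in hit]
    return findings

def wildcard_statements(policy):
    """Return indexes of Allow statements that grant every action on every resource."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    as_list = lambda v: [v] if isinstance(v, str) else list(v or [])
    return [i for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow" and "*" in as_list(s.get("Action"))
            and "*" in as_list(s.get("Resource"))]
```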

Shared Responsibility of PaaS versus IaaS

Under PaaS, the provider also assumes full responsibility for hosting the physical infrastructure and network security, while sharing responsibility with the customer at the application and access control level.

While IaaS clients retain most of the control, they can rely on the CSP to manage physical, infrastructure, network, and virtualization security. If you use your CSP's applications in a SaaS model, you are not responsible for the security of those applications. Conversely, if you run your own applications in the cloud on PaaS or IaaS, you are responsible for their security. You are responsible for protecting your data and identities, on-premises resources, and the cloud components you manage (depending on the type of service).

User/Customer Responsibility: Traditional Data Center versus Cloud

In the traditional data center model, you are responsible for securing the entire operating environment, including applications, physical servers, user controls, and even the physical security of buildings. Your operations team must work closely with security professionals to maintain policy-based control over how and when cloud resources are provisioned. By partnering with a cloud service provider and sharing some of the responsibility for security, you can maintain a secure environment with lower operating costs.

By outsourcing responsibilities to a cloud service provider, organizations can achieve greater security, allowing them to reallocate security resources and budget to other business priorities. In the cloud, your provider offers valuable assistance to your teams by taking on many of the operational burdens, including security. Control over the security of your cloud workloads makes your organization more prepared to detect threats and resolve issues quickly.

How to leverage the shared responsibility model for your workloads

Putting the concept of shared security into practice for cloud workloads requires evaluating the details of how these workloads are configured. The key to successfully implementing security in the cloud is understanding where your vendor’s responsibility ends and yours begins. Understanding customer security responsibilities is the first step to protecting your data in the cloud.

To fully account for the overall responsibility for security, it is necessary to maintain complete transparency of the cloud environment.

In a shared security responsibility model, when you move applications, data, containers, and workloads to the cloud, your security team is responsible for security, and the provider has some, but not much, responsibility.

When it comes to “shared responsibility,” it’s important to understand that you and your cloud service provider will never share responsibility for any aspect of your security operations. Additionally, you remain responsible for securing everything in your organization that connects to the cloud, including the on-premises infrastructure stack and user devices, your own network and applications, and the communication layer connecting internal and external users.

Essentially, your cloud provider is responsible for ensuring that your infrastructure built on its platform is secure and reliable from the outset. But in either model, you need to take an active role in your cloud deployment, setting up your CSP security controls and monitoring your cloud solution to ensure your data is protected.

In the case of IaaS, the CSP is typically responsible for protecting the physical aspects of managing the infrastructure, while the customer is responsible for protecting the configuration and internal operation of the provisioned cloud resources. Under IaaS, the cloud service provider is solely responsible for the physical resources and shares responsibility for infrastructure and host network security with the customer; everything else is the responsibility of the customer.

Interested in using cloud storage that leverages the shared responsibility model? Talk to StoneFly pre-sales engineers today to discuss your projects.
