Co-Author: Sushant Paudyal
AWS Shared Responsibility Model:
When using the cloud for your everyday workloads which runs your business, it is indispensable that you feel secure about the resources you deploy and use in the cloud. You need to be aware of your roles to manage your resources effectively and also about who manages your resources when you are not doing it. For this, AWS Shared Responsibility Model was introduced. This model indicates which parts of security will be handled by AWS and which areas will be the responsibilities of customers/clients. For a secure cloud environment, both the customers and company should perform their roles side by side, hence the name ‘shared’ responsibility model.
Here is an illustration of the AWS Shared Responsibility Model:
As we can see, the roles are divided into two parts, namely security ‘in’ the cloud and security ‘of’ the cloud:
- Customer Responsibility: Here, the customers run the systems provided by AWS and make sure the resources are being securely utilized. Customers mainly manage security for data and applications that they run for various purposes. They handle security for instance operating systems, network configurations and different softwares that they deploy using the AWS services. Customers should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions. When customers use Infrastructure as a Service (IaaS), they have to have complete control over the data, including handling networking traffic protection, data encryption authentication and server side encryption.
- AWS responsibility: This refers to the roles of AWS to make sure the services are up and running for their clients to use. Mainly, they oversee hardware and software maintenance. Technically, they are responsible for physical infrastructures, software infrastructures, network infrastructure and network isolation. Network isolation is the separate recognition of requests from different customers for a service. They make services available for computation, storage, database management and networking facilities and also manage the infrastructure for AWS Regions around the world, Availability Zones and various edge locations to keep the flow of traffic managed. Platform as a Service (PaaS) and Software as a Service (SaaS) applications fall mostly under AWS responsibility.
Advantages of AWS Shared Responsibility Model:
- It can help relieve the customers’ operational burden as AWS manages all the resources and makes them available for the clients.
- Tasks can be fulfilled faster and easier with the role of operations from both sides going side by side.
- It is easier to detect problems in the system and apply solutions accordingly.
Summary:
- AWS Shared Responsibility model indicates which parts of security will be handled by AWS and which areas will be the responsibilities of customers/clients.
- Customers are responsible for security ‘in’ the cloud, and AWS is responsible for security ‘of’ the cloud.
- Customers mainly manage the data and applications under AWS resources, while AWS manages hardware and software infrastructures.
- It is more advantageous than the traditional model in terms of segregation of management for efficient daily operations.