The Shared Responsibility model is a security framework that defines the division of security responsibilities between AWS (Amazon Web Services) as the cloud service provider and the customers who use AWS services. It clarifies the areas of security that AWS is responsible for and those that the customers are responsible for when using AWS infrastructure and services.
In the Shared Responsibility model, AWS takes responsibility for the security of the cloud, which includes the underlying infrastructure, physical security of data centers, and the global network architecture. AWS also provides security features and services that customers can leverage to enhance the security of their applications and data.
On the other hand, customers are responsible for the security in the cloud, which includes the security of their applications, data, operating systems, network configurations, and user access controls. Customers have control over their applications, the data they store, and how they configure their environments within AWS.
To better understand the division of responsibilities, the Shared Responsibility model is typically depicted as a shared security responsibility matrix. The matrix outlines the different areas of responsibility for AWS and the customer across different service types. Here is a general breakdown:
Infrastructure Security: AWS Responsibility: AWS is responsible for securing the infrastructure that runs the cloud services, including physical security, network infrastructure, and hypervisor. Customer Responsibility: Customers are responsible for securing their applications, operating systems, and data. This includes configuring firewall rules, implementing secure access controls, and managing user identities.
Data Security: AWS Responsibility: AWS provides secure storage options and encryption services to protect data at rest. AWS manages the security of the underlying storage infrastructure. Customer Responsibility: Customers are responsible for managing access to their data, implementing encryption for data in transit, and securing data within their applications.
Identity and Access Management: AWS Responsibility: AWS offers IAM (Identity and Access Management) services that enable customers to manage user access to AWS resources and services. Customer Responsibility: Customers are responsible for managing user access within their AWS accounts, including creating and managing user accounts, setting permissions, and implementing multi-factor authentication (MFA) for enhanced security.
Network Security: AWS Responsibility: AWS provides network-level protection and security features such as VPC (Virtual Private Cloud) for network isolation, security groups for firewall rules, and DDoS (Distributed Denial of Service) protection. Customer Responsibility: Customers are responsible for configuring network security groups, defining network access control policies, and securing data traffic within their applications.
Application Security: AWS Responsibility: AWS ensures the security and availability of its own services and APIs. Customer Responsibility: Customers are responsible for securing their applications, including secure coding practices, vulnerability management, and protecting against application-level attacks.
It's important for customers to understand their responsibilities within the Shared Responsibility model and implement appropriate security measures to protect their applications and data. AWS provides documentation, best practices, and security services to assist customers in meeting their obligations and maintaining a secure cloud environment.
By clearly defining the division of responsibilities, the Shared Responsibility model helps foster collaboration between AWS and its customers, ensuring a secure and reliable cloud environment.