What does the AWS Shared Responsibility Model mean?
The shared responsibility model states that both AWS and the AWS customer have a role to play in securing the cloud: AWS is responsible for security “of” the cloud (the underlying infrastructure), while the customer is responsible for security “in” the cloud (what they build and configure on top of it).
Customer responsibility “Security in the Cloud”
Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. As shown in the chart above, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud.
Examples of AWS and Customer Responsibilities:
- Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
- Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
- Monitoring – AWS provides several security tools that the customer can purchase (or the customer can integrate existing solutions) in order to monitor their environment for malicious activity and/or identify possible vulnerabilities. The customer is responsible for monitoring these tools and responding with mitigation as appropriate.
- Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.
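The Configuration Management item above places IAM permission scoping on the customer side of the line. The following is an added example, not code from the original page or from AWS: a small Python check that flags Allow statements combining a wildcard action with a wildcard resource, run against two constructed policy documents (one over-broad, one scoped to a single bucket prefix with a Deny that requires KMS encryption on upload). The function name `find_overbroad_statements` and the bucket name `example-bucket` are assumptions for the example.

```python
"""Flag over-broad Allow statements in IAM policy documents.

Added example for the Configuration Management responsibility: the customer,
not AWS, must apply appropriately scoped permissions. The helper below is a
hypothetical local check, not an AWS API.
"""
import json


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource;
    # normalise to a list so the checks below are uniform.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_action(action):
    # "*" grants every action; "service:*" grants every action in one service.
    return action == "*" or action.endswith(":*")


def find_overbroad_statements(policy):
    """Return (sid, reason) findings for Allow statements that are too broad.

    Flags: wildcard action(s) on Resource "*", a bare Action "*" on any
    resource, and Allow statements written with NotAction (which grant
    everything except the listed actions).
    """
    findings = []
    statements = _as_list(policy.get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants all other actions"))
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wild_actions = [a for a in actions if _is_wildcard_action(a)]
        if wild_actions and "*" in resources:
            findings.append((sid, f"Allow {wild_actions} on Resource '*'"))
        elif "*" in actions:
            findings.append((sid, "Allow Action '*'"))
    return findings


# Constructed sample policies (not taken from any real account).
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteOnePrefix",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/app-data/*",
        },
        {
            # Customer-side encryption choice: refuse uploads not using SSE-KMS.
            "Sid": "RequireKmsOnUpload",
            "Effect": "Deny",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {
                "StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}
            },
        },
    ],
}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, json.dumps(find_overbroad_statements(policy)))
```

Running the script prints one finding for the weak policy and none for the scoped one; the check is deliberately conservative (it does not evaluate Condition blocks on Allow statements), so a clean result means "no obvious wildcard grant", not "least privilege verified".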