Shared Responsibility Model
Definition
The shared responsibility model is a framework that outlines the security obligations of a cloud provider versus those of its customers. In essence, the provider is responsible for the security *of* the cloud, while the customer is responsible for security *in* the cloud.
Why It Matters
This model is crucial for understanding cloud security because it defines who has to secure what. Using a secure cloud provider does not remove the customer's obligations: customers are still responsible for configuring their services correctly and securing their own data and applications.
Contextual Example
AWS is responsible for securing the physical data centers, the network, and the hypervisor. The customer is responsible for managing user access with IAM, encrypting their data, configuring firewall rules, and patching their operating systems.
Common Misunderstandings
- The specific division of responsibility varies depending on the service model (IaaS, PaaS, SaaS). With SaaS, the provider manages the most, and with IaaS, the customer manages the most.
- Misunderstanding this model is a common cause of security breaches in the cloud.