
- [Morgan] In order to begin using AWS effectively, it's important to understand how security works in the cloud. You already know that by using AWS, you won't be managing every single aspect of hosting your solutions. You'll rely on AWS to manage portions of your workload for you, taking care of that undifferentiated heavy lifting, like running the day-to-day operations of the data center and managing the various virtualization techniques employed to keep your AWS account isolated from, say, my AWS account. So, the question is, who is ultimately responsible for security in AWS? Is it, A, you the customer, or B, AWS? The answer? Well, the correct answer is "yes". Both you and AWS are responsible for securing your AWS environment.

Let's explore this concept a little bit more. AWS follows something called the Shared Responsibility Model. We don't view solutions built on AWS as one singular thing to be secured. We see it as a collection of parts that build on each other. AWS is responsible for the security of some aspects, and for the others, you are responsible for their security. Together, with both you and AWS following best practices, you have an environment that you can trust.

Let's take a look at the Shared Responsibility Model diagram. You can see we have the responsibility of security broken into two groupings, you and AWS, each being responsible for different components. We describe AWS as being responsible for security of the cloud. For example, one piece of the puzzle AWS is responsible for is the AWS Global Infrastructure. And when I say global infrastructure, I mean the physical infrastructure that the cloud is running on. This is iron and concrete, buildings with fences protected by security guards and various other security measures. It also includes the AWS global backbone, or the private fiber cables that connect each AWS region to each other. Managing the security of these pieces is all on AWS. You don't need to worry about that as far as security goes.

Then there is the infrastructure and various software components that run AWS services. This includes compute, databases, storage and networking. AWS is also responsible for securing these services from the host operating system up through the virtualization layer. For example, let's say you want to host some virtual machines, or VMs, on the cloud. We primarily use the service Amazon EC2 for this use case. When you create a VM using EC2, AWS manages the physical host that the VM is placed on, as well as everything up through the hypervisor level. If the host operating system or the hypervisor needed to be patched or updated, that is the responsibility of AWS. This is good news for you as the customer, as it greatly reduces the operational overhead of running a scalable and elastic solution leveraging virtualization. We will talk more about EC2 and elastic solutions in upcoming lessons. For now, let's get back to the security aspect.

So, if AWS manages the underlying hardware up through the virtualization layer, what are you responsible for? Well, you are responsible for security in the cloud, similar to how a construction company builds a building and it's on them to make sure that the building itself is stable and secure. Then, you can rent an apartment in that building. It's up to you to lock the door to your apartment. Security of the building and security in the building are two different elements. For security in the cloud, the base layer is secured by AWS. It's up to you to lock the door. So for our EC2 example, you are responsible for tasks like patching the operating systems of your VMs, encrypting the data in transit and at rest, configuring firewalls, and controlling who has access to these resources, as well as controlling how much access they have. The main thing to understand is that you own your data in AWS. You are ultimately responsible for ensuring that your data is encrypted, secure and has proper access controls in place. In many cases, AWS services offer native features that you can enable to achieve a secure solution. It's up to you to actually use them. In other cases, you may devise your own solutions to meet compliance and security standards for your own specific industry or use case.

So, that's the Shared Responsibility Model at a high level. I do want you to keep something in mind, though. There is some amount of nuance that you should understand as we move through this course regarding the Shared Responsibility Model. Each AWS service is different and serves a different purpose and a different use case. Therefore, the Shared Responsibility Model can vary from service to service as well. This is a good thing, as you get to decide how to build your solutions on AWS.
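The EC2 portion of the lesson lists what sits on the customer side of the line: firewall rules and encryption at rest, among others. The script below is an added example (it is not part of the course material or any AWS-provided tool) that checks two of those items the way a practitioner would before trusting an environment: it flags inbound security-group rules reachable from the whole internet on ports outside a small public allow-list, and it lists EBS volumes that are not encrypted. The sample data is constructed here and is assumed to mirror the shape of the `SecurityGroups` and `Volumes` lists that boto3's `describe_security_groups()` and `describe_volumes()` return; the group and volume IDs are placeholders.

```python
"""Customer-side ("security in the cloud") checks for an EC2 workload.

Sample data below is constructed for this example and assumed to follow the
shape of boto3 ec2.describe_security_groups()["SecurityGroups"] and
ec2.describe_volumes()["Volumes"]. IDs are placeholders, not real resources.
"""
from ipaddress import ip_network

ANY_V4 = ip_network("0.0.0.0/0")
ANY_V6 = ip_network("::/0")

# Ports a public web tier is expected to expose to everyone; anything else
# open to 0.0.0.0/0 or ::/0 is reported.
PUBLIC_OK_PORTS = {80, 443}

# Constructed sample: one web group with an SSH rule left open to the world,
# one database group whose IPv6 "all traffic" rule is open to the world.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0example1",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example2",
        "GroupName": "db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

# Constructed sample: one encrypted and one unencrypted EBS volume.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0example1", "Encrypted": True},
    {"VolumeId": "vol-0example2", "Encrypted": False},
]


def _rule_ports(rule):
    """Port range a rule covers; protocol "-1" means all traffic, all ports."""
    if rule.get("IpProtocol") == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def _open_to_world(rule):
    """True if any source CIDR on the rule is the whole IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ip_network(c, strict=False) in (ANY_V4, ANY_V6) for c in cidrs)


def find_overexposed_rules(security_groups, public_ok_ports=PUBLIC_OK_PORTS):
    """Return findings for world-reachable inbound rules outside the allow-list.

    Each finding is a dict with the group ID, protocol and (from, to) ports.
    A rule is acceptable only if every port it covers is on the allow-list.
    """
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not _open_to_world(rule):
                continue
            lo, hi = _rule_ports(rule)
            if all(p in public_ok_ports for p in range(lo, hi + 1)):
                continue
            findings.append({"group": sg["GroupId"],
                             "protocol": rule.get("IpProtocol"),
                             "ports": (lo, hi)})
    return findings


def find_unencrypted_volumes(volumes):
    """Return the IDs of EBS volumes whose data at rest is not encrypted."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]


if __name__ == "__main__":
    for f in find_overexposed_rules(SAMPLE_SECURITY_GROUPS):
        print("open to the world:", f["group"], f["protocol"], f["ports"])
    for vol in find_unencrypted_volumes(SAMPLE_VOLUMES):
        print("unencrypted volume:", vol)
```

On the sample data the script reports the SSH rule in `sg-0example1`, the all-traffic IPv6 rule in `sg-0example2`, and the volume `vol-0example2`. The 5432 rule is not reported because its source is a private range rather than the whole internet, which is the distinction the check is meant to draw: the lesson's "lock the door" is about who can reach the door, not just which doors exist.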
