Shared Responsibility Model — AWS Solution Architect Associate Series — Part 3

Cloud computing allows businesses to benefit from advantages such as flexibility, scalability, and accessibility. However, it also requires a careful approach to security matters. Amazon Web Services (AWS) adopts a specific responsibility model to ensure the security of its cloud services. In this model, security responsibilities are clearly defined between AWS and the user.

AWS Security Responsibilities:

AWS is responsible for the foundational security of the cloud infrastructure. This includes the management of physical servers, network infrastructure, and data centers’ security. Additionally, AWS is responsible for software updates for provided services, ensuring service security, and keeping other infrastructure components up to date.

Summarized as follows:

- AWS is responsible for the physical security of the cloud infrastructure, including the physical security of data centers, network infrastructure security, and protection of hardware devices.
- Ensuring the security of the provided AWS services and performing software updates related to these services are AWS’s responsibilities.
- Matters such as ensuring the security of the global infrastructure, providing protection against DDoS attacks, and securing the transmission of data over the network are also under AWS’s control and responsibility.

User Security Responsibilities:

On the other hand, AWS users are responsible for the security of resources within the cloud. This includes various areas from cloud environment configuration settings to operating system configurations, implementation of data security mechanisms, encryption, and backup processes. Users should securely utilize cloud infrastructures by implementing their own application and data security policies.

When listed as bullet points, it includes:

- Users are responsible for configuring their own application, data, and user security settings.
- Proper configuration and management of services such as data encryption, security firewalls, and access controls are the user’s responsibility.
- Customers are responsible for implementing security policies using tools and services provided by AWS.
- Customers need to take necessary measures to ensure the security of their applications by paying attention to the security configurations of services provided by AWS.

Implementing the AWS Shared Responsibility Model:

1. Determine external and internal security and related compliance requirements and goals. Consider industry frameworks such as the NIST Cybersecurity Framework (CSF) and ISO.
2. Consider implementing AWS Cloud Adoption Framework (CAF) and Well-Architected best practices for planning and executing digital transformation on a large scale.
3. Examine the security sections of AWS service documentation to understand the security functionality and configuration options of specific AWS services. Gain a good understanding and apply them appropriately.
4. Evaluate AWS Security, Identity, and Compliance services to understand how to use them to achieve your security and compliance goals.
5. Identify the audits taken over by reviewing third-party audit confirmation documents and determine the remaining audits that may need to be implemented in your environment.
6. Provide cloud-specific learning opportunities for internal and external audit teams by taking advantage of AWS Cloud Audit Academy training programs.
7. Conduct a Well-Architected Review of your AWS workloads to assess whether security, reliability, and performance best practices are in place.
8. Explore solutions in the AWS Marketplace digital catalog that lists thousands of solutions offered by independent software vendors, enabling you to find, test, purchase, and deploy software running on AWS.

Of course, everything may not be as simple and easy as it seems. The “Shared Responsibility Model” structure of Amazon Web Services has some challenges. Examples are provided below.

Unawareness or Misunderstanding:

Users may struggle to understand or interpret the Shared Responsibility Model correctly. This can lead to security breaches or deficiencies. It is important, especially for newcomers or those using cloud services for the first time, to clearly understand the responsibilities.

Correct Configuration and Monitoring:

Users need to correctly configure the security settings of AWS-provided services and regularly review these configurations. Incorrect configurations or deficiencies in firewall rules can lead to security vulnerabilities.

Management of Sensitive Data:

Users are responsible for the security of their own data. This includes properly encrypting data, managing access controls appropriately, and taking backups when necessary. Mistakes in these areas can threaten the security of sensitive information.

Interactions Between Services:

Using multiple AWS services can make it challenging to manage security policies consistently between these services. Users must understand the security requirements of different services and integrate them coherently.

Rapidly Changing Environment:

The cloud computing environment can change rapidly, and security requirements can change when new services are added or existing services are updated. Users may need to continuously update their security policies and adapt to the rapidly changing environment.

The AWS Security Responsibility Model clearly defines the responsibilities that those using cloud services must pay attention to in terms of security. This collaboration between AWS and users, covering a wide range from physical security to software updates, contributes to creating a secure cloud environment.

The entire next article will be devoted to the explanation of the “Root User.”