In AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibilities for security and compliance of Amazon Web Services. This allows AWS to support the customer by taking on the burden of operations control associated with the physical infrastructure so the customer can focus on securing and producing within the context of software.
AWS is responsible for security OF the
cloud.
The customer is responsible for security IN the cloud.
(AWS Shared Responsibility Model)
AWS’s Responsibility
AWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud. This can be hardware, software, networking, and facilities that help run the AWS Cloud.
Some services under AWS’s responsibility to secure are Compute, Storage, Database, Networking, and global infrastructures such as Regions, Availability Zones, and Edge Locations.
Customer’s Responsibility
The customer’s responsibility is determined by the services the customer uses, as the type of service determines the amount of configuration he must perform to help secure the system.
These include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption. Identity Access Management (IAM) is an important part as well.
As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!
Shared Responsibility Model: Lock Your Door!
Good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility. If not, then it’s AWS’s responsibility.
Fully Controlled by AWS
- Physical and Environmental Controls
Shared Controls
AWS provides requirements for infrastructure and customer provides own control implementation.
- Patch Management: AWS patches and fixes flaws within the infrastructure; customers patch OS and applications
- Configuration Management: AWS configures infrastructure devices; customers patch OS and applications
- Awareness & Training: AWS trains AWS employees; customer trains its own employees
Fully Controlled by Customer
- Service & Communications Protection/Zone Security: Customer routes or zones data within specific security environments
Resources
- Shared Responsibility Model (AWS)
- AWS Shared Responsibility Model (AWS Blog)
© 2022 ExamTopics
ExamTopics doesn't offer Real Microsoft Exam Questions. ExamTopics doesn't offer Real Amazon Exam Questions. ExamTopics Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of ExamTopics. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
-
Flashcards
-
Learn
-
Test
-
Match
-
Flashcards
-
Learn
-
Test
-
Match
Terms in this set (10)
Students also viewedSets found in the same folderOther sets by this creatorVerified questions
computer science
Verified answer
computer science
Verified answer
computer science
Verified answer
computer science
Five political lobbyists are visiting seven members of Congress (labeled A through G) on the same day. The members of Congress the five lobbyists must see are 1. A, B, D 2. B, C, F 3. A, B, D, G 4. E, G 5. D, E, F Each member of Congress will be available to meet with lobbyists for one hour. What is the minimum number of time slots that must be used to set up the one-hour meetings so that no lobbyist has a conflict?
Verified answer
Recommended textbook solutions