Understanding The AWS Shared Security Model

Whether entering the cloud for the first time or being a clear veteran of the cloud in every way possible, the concern of security and responsibility remains. What is the average individual in the cloud truly responsible for? How does Amazon Web Services (AWS) tie into this? These are the questions countless individuals worldwide ask themselves when choosing to be a part of the cloud with all of their information and data.

However, to better understand these questions and their respective answers, we must first understand the AWS shared security model and how it greatly impacts the security of the cloud in a positive manner. Through this, we are sure to find the answers to these questions with ease.

What is the AWS Shared Security Model?

According to Cloud Academy, “AWS security best practices begin with the AWS Shared Responsibility Model that dictates which security controls are AWS’s responsibility and which are yours.”

With this said, it can be deduced that the AWS Shared Security Model is an infrastructure that is utilized by the AWS cloud to dictate what they keep secure as well as what you keep secure. Ideally, this is put in place to remove any fault from AWS in the case scenario that one of the aspects you should be protecting are hacked or damaged. It also allows you, the user, to be aware of what you must protect when choosing to be a part of the cloud thus ensuring the safety of the entire experience both for you as well as AWS.

When you first choose to be a part of the cloud, you decide how you want your resources and data to sit in the cloud. You also decided how much of your data and content you want to share with the cloud and how much control you intend to keep likewise. With this said, you inevitably choose how secure you want your data and resources to be and what you plan on protecting yourself.

Because AWS takes security very seriously-as they should-the AWS Shared Security Model provides an outline of what they promise to keep secure and what you should be securing likewise. In short, this model can be broken down into two parts: The security of the cloud, which AWS is responsible for, and the security in the cloud, which you are responsible for. To understand exactly what that means, let’s break that down a bit.

The Security of the Cloud

According to AWS themselves, “AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.”

As such, AWS is responsible for the Global Infrastructure which includes regions, availability zones, and edge locations, as well as the storage, database, networking, and both software and hardware.
Unlike private clouds, AWS is a public cloud which is why it focuses on its own data security and infrastructure and leaves the security in the cloud up to you. Fortunately, this still means that the cloud itself is secure which is a great first step towards true data security in our all-too-often insecure world.

The Security in the Cloud

When it comes to security in the cloud, this lies in your hands. Fortunately, you are only responsible for everything above the hypervisor level which essentially means that AWS is comfortable doing all the heavy lifting and only leaving you responsible for yourself once inside.

This is why understanding the AWS Shared Security Model is so important. Without a full and comprehensive understanding of what this means, you could unknowingly leave your data and resources vulnerable within the cloud.

Essentially, focusing on all things above the hypervisor level within the cloud consists of your own data, platforms, identity, passwords, applications, encryption, and the OS, network, and firewall configuration. This means that all of the data you choose to be responsible for, all the apps you use and passwords you save, the security parameters you put in place, and your very identity are your responsibility.

Think of AWS as a locker in a gym. It’s convenient, sturdy, and able to hold all of your sensitive information such as your wallet or keys-but it is still your responsibility to lock up these items and ensure they are secure when inside.

This is why AWS relies on you to put the correct security parameters in place inside the cloud. In fact, according to McAfee, “Customers are also responsible for implementing appropriate access control policies using AWS IAM, configuring AWS Security Groups (firewall) to prevent inappropriate access to ports, and enabling AWS CloudTrail. Customers are also responsible for enforcing appropriate data loss prevention policies to ensure compliance with internal and external policies, as well as detecting and remediating threats arising from stolen account credentials or malicious/accidental misuse of AWS.”

With this said, although you don’t have to focus on anything below the hypervisor level or focus on the actual security of the cloud, you are still responsible for yourself and your security and identity alike. This is why getting to know the AWS Shared Security Model like this is the best way to ensure full security within the cloud.

In the end, data security and cloud security remain major concerns for countless internet users worldwide. With hacking becoming more and more prevalent and popular in our modern society, the need for accountability and an outline of shared responsibility is more necessary than ever before. This being said, by being aware of your own responsibility within the cloud, you can successfully secure every aspect of your cloud experience and know that your data and identity are safe within the AWS cloud indefinitely.