The Reality
All of the major cloud vendors, and AWS specifically, secure their own
environments, follow strict processes for handling data and systems, and provide
you with a number of features to ensure your highly valued applications are safe
and sound when they move out of your datacenter and into a new home.
Most of us are not bound by CIA-level requirements, and public cloud
capabilities can address most of the security requirements enterprises have. In
order to ensure that your operations, applications, and data are secure, AWS
advocates a Shared Responsibility model. That means the following:
• AWS secures the cloud
• YOU secure what’s in the cloud
[Figure 1 layers. Responsible for security "in" the cloud: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-Side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity). Responsible for security "of" the cloud: Compute, Storage, Database, Networking; AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).]
Figure 1: AWS’ Shared Responsibility Model
What does that mean in practice? Well, at the most basic level, that means that
AWS takes care of all of the data center security (physical, environmental,
personnel) so you don’t have to. They also take care of security of their service
offerings since everything in AWS can be invoked via API. Last but not least,
they get audited by independent third parties and can provide a number of
attestations and reports that can help you address your regulatory needs, be
they HIPAA, SOX, FedRAMP, etc. This last one is particularly important because
it demonstrates that AWS, as the service provider, follows a documented,
repeatable, and independently verified approach. Based on best practices, this
approach ensures that their employees and systems protect the integrity and
confidentiality and ensure availability and security of your resources in AWS.
FALL 2017 | THE DOPPLER | 11