Taking a Closer Look at the All-New
Shared Security Responsibility Model

Taking a Closer Look at the Shared Security Responsibility Model

According to Gartner most organizations will use multiple public and private cloud services as well as traditional applications and infrastructure.

We have asked more than 300 C-level and IT decision makers also confirms the following:

  • Cloud management strategy remains a priority and a challenge
  • The hybrid approach is popular strategy for tackling the cloud.

Traditional Perimeters are Disappearing

The rise of both multi-cloud and hybrid environments means that enterprise workloads and the data that goes with them are increasingly becoming distributed among varying environments in order to improve business agility and reduce costs.

The traditional perimeters are disappearing and attack surfaces are growing as organizations use a combination of public and private cloud services.


Who’s responsible for what?

Working out who’s responsible for what across these various environments as well as managing how security teams stay on top of securing their cloud environments in the shared responsibilities model, is a growing business problem.

We’ll broach the consequences of this situation in the second part of our series, “The Impact of Cloud Security Gaps and How Managed Security Services can help”.

Microsoft, one of the largest cloud providers in the business environment, has laid out the responsibilities between the customer and the cloud provider as they see it. In the shared responsibility model, the cloud provider is responsible for “security of the cloud” and the customer is responsible for “security in the cloud”.

Shared responsibility
Fig. 1: Shared Responsibility in the Cloud, source: Microsoft

Below is another example of how AWS views responsibility in the cloud. AWS has actually written their Shared Responsibility Model on their web site and the graphic below summarizes how they categorize who is responsible for which aspects of cloud security.

amazon securtiy
Fig. 2: Amazon Security Model

What should the cloud customer know?

From a customer perspective, the cloud customer needs to protect their company’s data, applications, identities, hosts, endpoints, devices and parts of network infrastructure. The cloud customer is adding protection on top of the built-in security controls the cloud provider has already provided. In the shared security model, the customer needs to prioritize and implement security controls above the secure foundation provided by the cloud provider.

As organizations continue to shift their workloads to the cloud, they need to keep pace with scale and ensure security and compliance of their cloud environments.

What does the shared security model mean for you?

The shared security model means that the cloud provider has built-in security controls, you are building on that security foundation by implementing security controls to protect your cloud environments in the cloud.

Choose a security vendor that addresses multiple aspects of your security controls and choose a partner that can help you address the priorities for security and compliance and close the skills gaps by helping augment your internal security teams.

Be sure to visit back for Part 2 of Shared Responsibility in the Cloud series covering why organizations are adopting managed security services to close the skills gaps.

Looking for Support on Cloud Security?

Visit SoftwareONE Security Services for more information.

Get all facts about our security services
  • Tuesday 14 August 2018

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

SoftwareONE Blog Team

Blog Editorial Team Trend Scouts

IT Trends and industry-relevant Novelties

Related Articles

Building-a-Roadmap-for-Windows-7-End-of-Extended-Support_teaser
  • 14 August 2019
  • Blog Editorial Team
  • Publisher Advisory, Managed Security, Managed Backup
  • Windows 7, EoS

Building a Roadmap for Windows 7 End of Extended Support

To prepare for Windows 7 EoS, organizations must evaluate their entire software environment. Learn how to build a roadmap to accomplish this.

How to Transition from Direct to CSP Indirect
  • 13 August 2019
  • Blog Editorial Team
  • Managed Cloud
  • CSP Indirect

How to Transition from a Direct CSP Provider to an Indirect CSP Reseller

Considering a transition from Direct to CSP Indirect? Let’s delve into how to make the switch smoothly for optimal success through CSP Indirect.

An Introduction to Microsoft Office 365 Security
  • 30 July 2019
  • Bala Sethunathan
  • Managed Security
  • Office 365, Security

An Introduction to Microsoft Office 365 Security

Microsoft makes its role clear when it comes to Office 365 security. Learn more about what they offer and what you will need to provide.