When you work with the AWS Cloud, managing security and compliance is a shared responsibility between AWS and you. To depict this shared responsibility, AWS created the shared responsibility model. The distinction of responsibility is commonly referred to as security of the cloud as compared to security in the cloud.
Security and compliance are a shared responsibility between AWS and you.
AWS responsibility
AWS is responsible for security of the cloud. This means that AWS protects and secures the infrastructure that runs the services offered in the AWS Cloud. AWS is responsible for the following
-Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings
-Managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components
The level of responsibility that AWS has depends on the service. AWS classifies services into two categories.
Customer responsibility
Customers are responsible for security in the cloud. When using any AWS service, the customer is responsible for properly configuring the service and their applications, in addition to ensuring that their data is secure.
Due to the varying levels of effort, customers must consider which AWS services they use and review the level of responsibility required to secure each service. They must also review how the AWS shared responsibility model aligns with the security standards in their IT environment in addition to any applicable laws and regulations.
A key concept is that customers maintain complete control of their data and are responsible for managing the security related to their content.
Choosing a Region for AWS resources in accordance with data sovereignty regulations
Implementing data-protection mechanisms, such as encryption and scheduled backups
Using access control to limit who can access your data and AWS resources
Top comments (0)