How is host infrastructure a shared responsibility in cloud computing?

0

Host infrastructure is said to be a shared responsibility according to https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know and https://learn.microsoft.com/es-es/archive/blogs/azuresecurity/what-does-shared-responsibility-in-the-cloud-mean.

My Confusion: I thought "host infrastructure" refers to compute, network, and storage components that are physical, which are solely provided and maintained by the cloud provider.

Please help me understand why/how host infrastructure is a shared responsibility in cloud computing.

asked a year ago, 420 views
3 Answers
1
Accepted Answer

"host infrastructure" ... the infrastructure on which you are relying for the hosting of your services... includes servers, virtual machine environments, networking devices (both software-defined and hardware-defined), application gateways, firewalls, cloud hardware security modules, etc... basically... all the IaaS components you will be using.

Shared: It also includes (for example) operating systems on the networking equipment and hypervisors running on the hardware. The CSP often manages patches and updates to the VMs, firewalls, network devices, etc. for you. You might apply various configurations on these and install various software on the servers. Such software can compromise the security of the system, so you have to do it responsibly. For network devices, you will configure public access to your VPC (for example), and it's your responsibility to make sure that this is done without making the infrastructure insecure, e.g. leaving SQL Server ports accessible on a public EC2 instance. These applications that you install and expose to the internet can be exploited. For PaaS, if you look at S3, AWS will be ensuring that S3 infrastructure is secure (patched, and ensuring that the security features and encryption are working) but you might leave your bucket open to public access by incorrectly configuring things.

MlandaT
answered a year ago
EXPERT
verified 9 months ago
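The two customer-side misconfigurations named in the answer above (a SQL Server port reachable from the internet, an S3 bucket left open to public access), checked in code. This is an added example, not part of the original answer or any AWS tooling; it assumes input shaped like the JSON returned by `aws ec2 describe-security-groups` and `aws s3api get-public-access-block`, all sample values are constructed, and the MySQL and PostgreSQL ports go beyond the SQL Server case the answer mentions.

```python
# Added example: audit of customer-side settings; sample data is constructed.
DB_PORTS = {1433: "SQL Server", 3306: "MySQL", 5432: "PostgreSQL"}  # extra ports are an assumption
ANYWHERE = {"0.0.0.0/0", "::/0"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def open_db_ports(security_groups):
    """Return (group_id, port, service) for DB ports reachable from anywhere."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue                      # rule is scoped to specific networks
            proto = perm.get("IpProtocol")
            if proto == "-1":                 # "all traffic" rule: every port is open
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            for port, name in sorted(DB_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], port, name))
    return findings

def missing_public_access_blocks(pab):
    """Return the S3 Block Public Access flags that are absent or not True."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [flag for flag in PAB_FLAGS if cfg.get(flag) is not True]

SAMPLE_GROUPS = [  # constructed, in describe-security-groups shape
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {  # constructed
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}

if __name__ == "__main__":
    print(open_db_ports(SAMPLE_GROUPS))
    print(missing_public_access_blocks(SAMPLE_PAB))
```

A missing Block Public Access flag does not by itself mean a bucket is public; it means the guardrail that would prevent a public ACL or policy is off.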
1

With all cloud service providers, answering the question of who is responsible for what will depend on the specific service in question and whether it falls into the category of IaaS, PaaS, or SaaS. You can see that illustrated in the following diagram:


This diagram is excerpted from the following blog post which provides additional context: https://aws.amazon.com/blogs/industries/applying-the-aws-shared-responsibility-model-to-your-gxp-solution/

AWS
MattZ
answered a year ago
0

Hi - This should provide an in-depth overview of the Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/

AWS
EXPERT
answered a year ago
  • Hi Nitin.

    1. According to this AWS document you provided, the infrastructure is NOT a shared responsibility in the cloud.
    2. This contradicts CompTIA, CISecurity, and some other cloud vendors.
    3. Should I accept that different vendors/institutions are in conflict/disagreement on this point? Or is there some nuance that is preventing me from understanding that infrastructure is a shared responsibility?

    By the way, many thanks for the document link. It is a really good read: easy, clear, well-organized, and friendly formatting.
