How is host infrastructure a shared responsibility in cloud computing?

0

Host infrastructure is said to be a shared responsibility according to https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know and https://learn.microsoft.com/es-es/archive/blogs/azuresecurity/what-does-shared-responsibility-in-the-cloud-mean.

My Confusion: I thought "host infrastructure" refers to compute, network, and storage components that are physical, which are solely provided and maintained by the cloud provider.

Please help me understand why/how host infrastructure is a shared responsibility in cloud computing.

Asked a year ago · 420 views
3 Answers
1
Accepted Answer

"host infrastructure" ... the infrastructure on which you are relying for the hosting of your services... includes servers, virtual machine environments, networking devices (both software-defined and hardware-defined), application gateways, firewalls, cloud hardware security modules, etc... basically... all the IaaS components you will be using.

Shared: It also includes (for example) operating systems on the networking equipment and hypervisors running on the hardware. The CSP often manages patches and updates to the VMs, firewalls, network devices, etc. for you. You might apply various configurations on these and install various software on the servers. Such software can compromise the security of the system, so you have to do it responsibly. For network devices, you will configure public access to your VPC (for example), and it's your responsibility to make sure that this is done without making the infrastructure insecure, e.g. leaving SQL Server ports accessible on a public EC2 instance. These applications that you install and expose to the internet can be exploited. For PaaS, if you look at S3, AWS will be ensuring that S3 infrastructure is secure (patched, and ensuring that the security features and encryption are working) but you might leave your bucket open to public access by incorrectly configuring things.

MlandaT
Answered a year ago
Expert
Reviewed 9 months ago
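
The customer-side check the accepted answer describes (a SQL Server port left reachable from the internet), written as an added example that is not part of the original thread. It reads JSON shaped like `aws ec2 describe-security-groups` output; the group IDs and rules below are constructed sample data, and the function names are illustrative.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-any", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-EXAMPLE-internal", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 2048,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}
]}
""")

SQL_SERVER_PORT = 1433               # default SQL Server listener port
WORLD = {"0.0.0.0/0", "::/0"}        # only exact "anywhere" CIDRs are flagged


def rule_covers_port(rule, port):
    """True if the ingress rule allows TCP `port`; protocol "-1" is all traffic."""
    if rule["IpProtocol"] == "-1":
        return True                  # all-traffic rules carry no port range
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def world_open_groups(groups, port=SQL_SERVER_PORT):
    """Return GroupIds whose ingress rules expose `port` to any address."""
    hits = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            if cidrs & WORLD and rule_covers_port(rule, port):
                hits.append(sg["GroupId"])
                break                # one finding per group is enough
    return hits


if __name__ == "__main__":
    print("Port 1433 open to the internet:", world_open_groups(SAMPLE_GROUPS))
```

The provider keeps the hypervisor and network fabric patched; whether a rule like the first or third one exists is entirely the customer's configuration.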
1

With all cloud service providers, answering the question of who is responsible for what will depend on the specific service in question and whether it falls into the category of IaaS, PaaS, or SaaS. You can see that illustrated in the following diagram:

Enter image description here

This diagram is excerpted from the following blog post which provides additional context: https://aws.amazon.com/blogs/industries/applying-the-aws-shared-responsibility-model-to-your-gxp-solution/

AWS
MattZ
Answered a year ago
0

Hi - This should provide an in-depth overview of the Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/

AWS
Expert
Answered a year ago
  • Hi Nitin.

    1. According to this AWS document you provided, the infrastructure is NOT a shared responsibility in the cloud.
    2. This contradicts CompTIA, CISecurity, and some other cloud vendors.
    3. Should I accept that different vendors/institutions are in conflict/disagreement on this point? Or is there some nuance that is preventing me from understanding that infrastructure is a shared responsibility?

    By the way, many thanks for the document link. It is a really good read: easy, clear, well-organized, and friendly formatting.
