so as to offer the\ncustomers with security capabilities as per their needs.<\/p>\n\n\n\n
Multiple and varied AWS cloud services, emphasizes, demarcating\nresponsibility between customer and AWS. <\/p>\n\n\n\n
- AWS is responsible for the physical security of\nthe facilities as well as the infrastructure that includes compute, database,\nstorage and networking resources. <\/li>
- The customer is responsible for software, data\nand access that sits on top of the infrastructure layer.<\/li><\/ul>\n\n\n\n
![\"Shared](\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/07\/define-the-aws-shared-responsibility-model-750x373.png\")
<\/figure><\/div>\n\n\n\nAWS Security Responsibilities<\/h2>\n\n\n\n
In general, AWS considers itself responsible for the\nsecurity of the cloud as a whole, while customers should maintain\nresponsibility for the security of their specific instances.<\/p>\n\n\n\n
- AWS Hardware\/Global Infrastructure: this\nincludes regional, available, and edge zones of Amazon’s cloud infrastructure.\nThis is done through physical security protections, and constant IT\nmaintenance.<\/li>
- AWS Software (Computation, Storage, Database,\nNetworking): Amazon guarantees a secure software platform across all of its\nservices. This aspect of Amazon\u2019s responsibility also refers to AWS security\nservices built by Amazon for use by customers. This can include encryption keys,\nnetwork monitoring tools, database protection, and more.<\/li><\/ul>\n\n\n\n
Customer Security Responsibilities<\/h2>\n\n\n\n
In general, AWS considers itself responsible for the\nsecurity of the cloud as a whole, while customers should maintain\nresponsibility for the security of their specific instances.<\/p>\n\n\n\n
- AWS Hardware\/Global Infrastructure: this\nincludes regional, available, and edge zones of Amazon’s cloud infrastructure.\nThis is done through physical security protections, and constant IT\nmaintenance.<\/li>
- AWS Software (Computation, Storage, Database,\nNetworking): Amazon guarantees a secure software platform across all of its\nservices. This aspect of Amazon\u2019s responsibility also refers to AWS security\nservices built by Amazon for use by customers. This can include encryption keys,\nnetwork monitoring tools, database protection, and more.<\/li><\/ul>\n\n\n\n
![\"aws](\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/07\/define-the-aws-shared-responsibility-model-01-750x377.png\")
<\/figure><\/div>\n\n\n\nShared Security Responsibilities<\/h2>\n\n\n\n
AWS provides the requirements for the infrastructure and the\ncustomer must provide their own control implementation within their use of AWS\nservices:<\/p>\n\n\n\n
- IT Controls: Not only are IT operations shared\nbetween AWS and its customers, so are the management and operations of said\ncontrols. AWS can help with moderating the customer burden of security methods\nlike firewall maintenance, network level encryption, while also overseeing IT\ncontrols deployment to ensure proper adherence to AWS security regulations.<\/li>
- Patch Management: AWS is responsible for\npatching and fixing flaws within the infrastructure, but customers are\nresponsible for patching their guest OS and applications.<\/li>
- Configuration Management: AWS maintains the\nconfiguration of its infrastructure devices, but a customer is responsible for\nconfiguring their own guest operating systems, databases, and applications.<\/li>
- Awareness & Training: AWS trains AWS\nemployees, but a customer must train their own employees.<\/li>
- Customer Specific: Controls which are solely the\nresponsibility of the customer based on the application they are deploying\nwithin AWS services.<\/li>
- Service and Communications Protection: or Zone\nSecurity which may require a customer to route or zone data within specific\nsecurity environments.<\/li><\/ul>\n\n\n\n
Customers should <\/p>\n\n\n\n
- implement access control policies using AWS IAM<\/li>
- configuring AWS Security Groups (firewall) to\nprevent inappropriate access to ports<\/li>
- enabling AWS CloudTrail<\/li><\/ul>\n\n\n\n
Customers are also responsible for <\/p>\n\n\n\n
- enforcing appropriate data loss prevention\npolicies for compliance with internal and external policies, <\/li>
- Detecting and remediating threats arising from\nstolen account credentials or malicious\/accidental misuse of AWS.<\/li><\/ul>\n\n\n\n
Amazon is focused on securing its software, hardware, and\nthe facilities where AWS services are located. Amazon\u2019s responsibilities\ninclude securing its <\/p>\n\n\n\n
- Computing<\/li>
- Storage<\/li>
- Networking<\/li>
- database services<\/li>
- security configuration of AWS managed services\nlike DynamoDB, RDS, Redshift, Elastic MapReduce, Workspaces, etc.<\/li><\/ul>\n\n\n\n
AWS Shared Responsibility Model Summary <\/h2>\n\n\n\n
\n \n <\/td> \n Customer \n <\/td> \n AWS\n <\/td><\/tr> \n Preventing or detecting when an AWS account has been compromised \n <\/td> \n x \n <\/td> \n \n <\/td><\/tr> \n Preventing or detecting a privileged or regular AWS user behaving in\n an insecure manner \n <\/td> \n x \n <\/td> \n \n <\/td><\/tr> \n Configuring AWS services (except AWS Managed Services) in a secure\n manner \n <\/td> \n x \n <\/td> \n \n <\/td><\/tr> \n Restricting access to AWS services or custom applications to only\n those users who require it \n <\/td> \n x \n <\/td> \n \n <\/td><\/tr> \n Updating Guest Operating Systems and applying security patches \n <\/td> \n x \n <\/td> \n \n <\/td><\/tr> \n Ensuring AWS and custom applications are being used in a manner\n compliant with internal and external policies \n <\/td> \n x \n <\/td> \n x\n <\/td><\/tr> \n Ensuring network security (DoS, MITM, port scanning) \n <\/td> \n x \n <\/td> \n x\n <\/td><\/tr> \n Configuring AWS Managed Services in a secure manner \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr> \n Providing physical access control to hardware\/software \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr> \n Providing environmental security assurance against things like mass\n power outages, earthquakes, floods, and other natural disasters \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr> \n Database patching \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr> \n Protecting against AWS zero day exploits and other vulnerabilities \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr> \n Business continuity management (availability, incident response) \n <\/td> \n \n <\/td> \n x\n <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
![\"define](\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/07\/define-the-aws-shared-responsibility-model-02.png\")
<\/figure><\/div>\n\n\n\n