
Shared responsibility necessary to secure AWS resources

Whether deploying third-party tools or simply managing permissions, the responsibility of securing cloud resources belongs to the entire IT staff.

This article can also be found in the Premium Editorial Download: Modern Infrastructure: Data center water use grows.

AWS introduced its public cloud nearly 10 years ago, and since then the number of associated products and services has exploded at a breakneck pace. Still, despite all these developments, many enterprises continue to list security among their major concerns with public clouds such as AWS.

Amazon Web Services (AWS) maintains a "shared responsibility" stance on public cloud security. The cloud provider secures the infrastructure, while enterprise IT teams are responsible for securing the workloads, data and applications that run on that infrastructure -- and this is no easy task.

"Shared security is really incumbent upon the tenants in infrastructure as a service (IaaS) offerings like AWS -- that they continue to carry a fair amount of the responsibility," said Jim Reavis, co-founder and CEO of the Cloud Security Alliance. "That also gives [public cloud providers] the flexibility to have a fairly vanilla offering that you can do a lot with."

Enterprises need an independent viewpoint and layered defense in their cloud strategies and architectures. Relying on a single cloud-specific vulnerability assessment from your IaaS provider isn't a sound decision, as that provider may not be objective. Thus, third-party security tools are the way to go.

Entire segments of the market, such as security-as-a-service tools and cloud access security brokers, have developed to help enterprises secure AWS workloads. Within the AWS Partner Network alone, there are approximately 176 Technology Partners aimed specifically at security and compliance within the AWS public cloud. While certain companies are comfortable building in-house tools to secure AWS, most turn to third-party tools from vendors such as SumoLogic, AlertLogic, Pertino, CloudPassage and evident.io.

Eliminating the appliance and using service delivery for security is attractive to enterprises. While the security appliance approach forced companies to make architectural decisions and often route traffic inefficiently, security-as-a-service tools are "faster, cheaper and more agile," Reavis said.

The best way to handle security in the public cloud is to "let large IaaS vendors handle the virtual private cloud and virtual machine management, then layer third-party tools on top of that," Reavis said.

This was last published in September 2015


2 comments


This "shared responsibility" model isn't exclusive to AWS. It needs to be considered regardless of the cloud provider, and regardless of IaaS | PaaS | SaaS services. Ultimately, customers own their availability.

I have to agree with Brian that shared responsibility is a must pretty much any time you’re working with Anything as a service. Cloud services are a good example because it’s easy to show the importance of shared responsibility when you’re sharing a server with another entity of which you are not aware.