
Modern Infrastructure


Shared responsibility necessary to secure AWS resources

Whether deploying third-party tools or simply managing permissions, the responsibility of securing cloud resources belongs to the entire IT staff.

AWS introduced its public cloud nearly 10 years ago, and since then the number of associated products and services has exploded at a breakneck pace. Still, despite all its developments and evolution, many enterprises continue to list security among their major concerns with public clouds such as AWS.

Amazon Web Services (AWS) maintains a "shared responsibility" stance on public cloud security. The cloud provider secures the infrastructure, while enterprise IT teams are responsible for securing the workloads, data and applications that run on that infrastructure -- and this is no easy task.

"Shared security is really incumbent upon the tenants in infrastructure as a service (IaaS) offerings like AWS -- that they continue to carry a fair amount of the responsibility," said Jim Reavis, co-founder and CEO of the Cloud Security Alliance. "That also gives [public cloud providers] the flexibility to have a fairly vanilla offering that you can do a lot with."

Enterprises need an independent viewpoint and layered defense in their cloud strategies and architectures. Relying on a single cloud-specific vulnerability assessment from your IaaS provider isn't a sound decision, as that provider may not be objective. Thus, third-party security tools are the way to go.

Entire segments of the market, such as security-as-a-service tools and cloud access security brokers, have developed to help enterprises secure AWS workloads. Within the AWS Partner Network alone, there are approximately 176 Technology Partners aimed specifically at security and compliance within the AWS public cloud. While certain companies are comfortable building in-house tools to secure AWS, most turn to third-party tools from vendors such as SumoLogic, AlertLogic, Pertino, CloudPassage and evident.io.

Eliminating the appliance and using service delivery for security is attractive to enterprises. While the security appliance approach forced companies to make architectural decisions and often route traffic inefficiently, security-as-a-service tools are "faster, cheaper and more agile," Reavis said.

The best way to handle security in the public cloud is to "let large IaaS vendors handle the virtual private cloud and virtual machine management, then layer third-party tools on top of that," Reavis said.


2 comments


This "shared responsibility" model isn't exclusive to AWS. It needs to be considered regardless of the cloud provider, and regardless of IaaS | PaaS | SaaS services. Ultimately, customers own their availability. 
I have to agree with Brian that shared responsibility is a must pretty much any time you’re working with Anything as a service. Cloud services are a good example because it’s easy to show the importance of shared responsibility when you’re sharing a server with another entity of which you are not aware.