Cloud Technology

How does the Shared Responsibility Model apply to IaaS, and where exactly does the security line between the cloud provider and the customer sit?

RA Asked by Rachel Evans · 12-02-2023
0 upvotes 1,923 views 0 comments
The question

We are designing our cloud security framework for our IaaS deployment, and understanding the Shared Responsibility Model is critical. We know the provider secures the physical facility, but where does the line cut off regarding areas like the Operating System, the virtualization layer, Identity and Access Management (IAM), and data encryption? I need clarity on which elements we, the customer, are fully accountable for to avoid any gaps in our enterprise's security posture and compliance.

3 answers

0
JE
Answered on 25-03-2023

In the IaaS Shared Responsibility Model, the cloud provider is responsible for "Security of the Cloud"—covering the physical facility, physical network, and the virtualization layer (hypervisor). The customer is responsible for "Security in the Cloud." This includes the Operating System (guest OS patching and configuration), the application code, the runtime, all data encryption (at rest and in transit), network configuration within the virtual network (VPC), and especially Identity and Access Management (IAM) for all users and services. Any unpatched OS vulnerability or misconfigured IAM policy is the customer's accountability, making it crucial to implement strict patching and access control protocols.

 

0
DA
Answered on 10-04-2023

Regarding data encryption, since the provider handles storage infrastructure, does the IaaS provider automatically encrypt data at rest, or is the customer strictly responsible for implementing and managing the encryption keys for all storage volumes and objects?

 

RA 25-04-2023

While most major IaaS providers offer default encryption for block and object storage volumes, the customer is responsible for ensuring it is enabled and often has the option (and responsibility for security) of using Customer-Managed Keys (CMK) via a service like a Key Vault. Best practice dictates that the customer takes ownership of managing these encryption keys, as this is a fundamental component of securing their data and maintaining full control as mandated by the Shared Responsibility Model in a highly regulated enterprise environment.

0
MA
Answered on 05-09-2024

The IaaS provider secures the physical infrastructure and virtualization. The customer is responsible for securing the Operating System, applications, all data encryption, and managing Identity and Access Management (IAM). This customer responsibility is a key differentiator from the PaaS model.

DA 20-09-2024

That's right. The customer must also manage the configuration of virtual firewalls and Network Security Groups within the virtual network provided by the IaaS platform to control traffic flow and access to their virtual machines.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session