Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does a shared responsibility model work in multicloud?

Many public cloud providers share security responsibilities with their users. But how does that work in a multicloud model?

When an organization moves data or applications to the public cloud, its security responsibilities do not fully...

shift to the cloud provider. Instead, cloud users and providers adopt a shared responsibility model. As a general rule, the cloud provider is responsible for securing the cloud infrastructure, including the network, servers, databases and storage. At the same time, the cloud user maintains security responsibilities for apps, data and other IT components that are hosted on the cloud platform. Cloud providers like Amazon Web Services describe this as a "shared responsibility model."

The shared responsibility model is even more pronounced in multicloud computing because the attack surface is larger.

For example, suppose a cloud user provisions a virtual machine instance. The cloud provider must secure the server, storage and other underlying resources. To do this, the provider might update firmware or ensure its data center facilities are physically secure. However, it's the users' responsibility to securely deploy and configure the applications or operating systems running on that cloud platform.

In a shared responsibility model, the user must also set firewall and network configurations, implement the correct identity and access management (IAM) posture and perform other tasks. If unencrypted data is stolen through an open network port without a firewall, because the user did not configure those resources, the cloud provider is not responsible.

The shared responsibility model is even more pronounced in multicloud computing because the attack surface is larger; IT teams must account for multiple cloud infrastructures and providers. As organizations adopt and integrate multiple clouds, it's even more critical to establish secure data storage, implement comprehensive IAM models and address application security flaws.

Deployment automation will help organizations provision appropriate instances and deploy well-tested and properly configured base images, such as Amazon Machine Images. Similarly, log systems, such as Amazon CloudWatch, should gain popularity due to application tracking or data access for immediate alerting or forensic analysis of malicious behaviors.

Next Steps

Find out what your cloud security responsibilities are

How shared security responsibility protects your cloud

Secure your AWS cloud with shared responsibility

This was last published in April 2016

Dig Deeper on Data security in the cloud

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What problems have you encountered with shared security responsibilities?
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchVMware

SearchVirtualDesktop

SearchAWS

SearchDataCenter

SearchWindowsServer

SearchCRM

Close