In doesn’t make difference which cloud vendor you have chosen as the platform. All of them follow the shared responsibility model.
What does it mean?
It means the cloud provider has the security responsibility of the cloud and cloud customer has the security responsibility in the cloud.
|Shared responsibility model||Shared responsibility model||Shared responsibility model||Shared responsibility model|
What is customer responsible for?
- Configure the access to the resources e.g. servers
- Responsible for operating system hardening of the servers
- Ensure the disk volume has been encrypted
- Determine the identity and access permissions of specific resources
Who should take care of security?
In companies where they up and run services/application on the cloud, the responsible teams have to have enough knowledge about the security on the cloud.
and Enterprise architect
|Ensure cloud services they use are designed and deployed with security.|
and SRE Teams
|Ensure security introduced into the infrastructure build pipeline and the environments remain secure post-production.|
|InfoSec Team||Secure systems|
In which step of the project the security have to be applied?