What Is Cloud Security & The Shared Responsibility Model?

Let’s first review the differences between security in the cloud versus a traditional data center.

A traditional data center, which houses information onsite, includes physical infrastructure such as servers, routers, hardware and cooling systems. These centers are secured through a variety of ways, including physical steps such as alarms and security staff and software measures such as the implementation of firewalls and multi-factor authentication. In this type of model, the business or organization is responsible for the data.

The cloud, on the other hand, allows for the storage of data on a network of remote servers that are hosted by a third party, such as Amazon, Google or Microsoft.

Cloud security refers to technology that protects this data from internal and external risks; it’s important to note that some of these measures may also be used in traditional data centers. Examples of cloud security include anti-virus software, multi-factor authentication, cloud-based archiving solutions, encryption, data compliance solutions, software-as-a-service (SaaS) and virtual private networks (VPNs).

When it comes to cloud security, a shared responsibility model is often a beneficial solution; this refers to an agreement between the hosting provider and the business or organization that outlines which entity is responsible for what when it comes to security.

In a cloud shared responsibility model, the cloud provider is responsible for the security of the cloud itself, whereas the user is responsible for the security of the data stored within the cloud.

This, however, is a general definition, and the specifics of a shared responsibility model may differ depending on the provider. Even then, there may be some gray areas of responsibility that can lead to some confusion.

For example, Amazon’s Shared Responsibility Model details the following responsibilities between the cloud service provider and user:

• Amazon Web Services — Responsible for protecting the infrastructure, which includes hardware, software, networking and facilities that run the cloud services
• Customer/user — Responsibilities are determined by the type of services that are selected. For example, Amazon Elastic Cloud Compute (EC2) is an Infrastructure as a Service (IaaS); customers are responsible for security configurations, management tasks, updates, security patches and software or utilities installed by the customer.

Responsibilities will differ depending on the type of cloud service model.

Software as a Service (SaaS)*

In this popular model, vendors are typically responsible for infrastructure, application management and security, including access, servers, networking, data storage, updates and patches. The customer is responsible for the information and data, the devices on which the applications are accessed and any accounts and identities. Examples of SaaS models include Salesforce, Microsoft 365, Google Workspace, Zoom and Shopify.

Infrastructure as a Service (IaaS)

The IaaS model enables customers to access on-demand computing resources that are easily scalable. The cloud service provider manages the infrastructure, and users only pay for what they need.

Cloud security is a shared responsibility with the provider handling the resources, hardware, patches, storage and other aspects of the physical network. Customers are responsible for user access, data security, applications, the operating system and virtual network controls.

Platform as a Service (PaaS)

PaaS provides a model that enables users to develop, test and deploy applications to scale without investing in the hardware or software needed. PaaS provides everything in a “pay-as-you-go” model — including the infrastructure, operating systems and tools.

*This section includes information from Microsoft, Google and IBM.

A cloud service provider brings specialized knowledge, expertise, experience and resources to the table, all of which users can leverage to ensure their data is as safe and secure as possible.

CSPs focus 24/7 on the cloud, which means they not only devote significant resources to maintaining security, but they are up to date on the latest technology, patches, potential risks and security measures.

A shared responsibility model can also remove some of the burden from your IT team, which can free up employees to tackle other important projects or challenges.

One of the best ways to ensure the safety and security of your data is through a comprehensive archiving solution. We encourage you to request a free copy of our eBook How to Choose the Best Email Archiving Solution for more information, and don’t hesitate to reach out to a member of the Intradyn team with any questions.