Understanding the Shared Responsibility

Model for Cloud Security.

Home » Blog » Cloud » Understanding the Shared Responsibility Model for Cloud Security

Last updated September 19th, 2023 by Avigdor Book

Cloud Cybersecurity Tech Partners

Cloud computing has become a vital component of our digital lives, powering everything from
our personal emails to the applications we use at work. This paradigm shift from on-premises data
centers to the cloud has made understanding the shared responsibility model crucial. This model
delineates the security responsibilities of cloud service providers (CSPs), such as Microsoft
Azure, and their customers in maintaining cloud security and safeguarding against vulnerabilities.

What is the Shared Responsibility Model?

In a shared responsibility model, cloud security is a joint effort between the CSP and the
customer. The CSP is responsible for securing the cloud infrastructure, including the software,
hardware, networking components, and virtualization layer. They also handle physical security
of the cloud resources. On the other hand, the customer is responsible for securing the apps they
deploy in the cloud, managing their data security, and handling identity and access
management (IAM) permissions.

Let’s consider an example. In the AWS shared responsibility model, Amazon Web Services
provides a secure cloud infrastructure and services, while the customer is responsible for securing
their data, applications, and operating system within that environment. This includes patching,
lifecycle management, and alerting for security risks within their cloud-native applications.

Shared Responsibility across Different Cloud Services

The exact distribution of responsibilities varies with different cloud services:
1
• Software as a Service (SaaS): In SaaS models likeWelcome back!
Salesforce, theWhat
CSPcan we
manages most of the
help you with today?
security aspects, including the applications, operating system, infrastructure, and API
 endpoints. The customer’s responsibility is primarily around managing their data, user access
controls, and handling potential misconfigurations.

• Platform as a Service (PaaS): In PaaS models such as Azure, the CSP manages the underlying
infrastructure and runtime environment, including serverless components and the security of
the cloud. The customer is responsible for securing the applications they develop and deploy,
as well as their data.

• Infrastructure as a Service (IaaS): In IaaS models like AWS or Google Cloud, the customer
has more responsibilities, including securing their data, applications, operating system, and
certain aspects of the network controls.

Why is the Shared Responsibility Model Important?

The shared responsibility model is vital for several reasons:

• Clarifies Responsibilities: It demarcates what aspects of security are handled by the CSP and
what falls under the customer’s purview, such as IAM and authentication. This clarity helps
avoid gaps in security coverage.

• Facilitates Compliance: Many industries require compliance with specific data protection and
cybersecurity regulations. Understanding who is responsible for what helps organizations
maintain compliance and acquire necessary certifications.

• Promotes Security: By sharing the responsibility, both the CSP and the customer play active
roles in ensuring a secure cloud environment, reducing the risks of data breaches.

Tufin and Shared Responsibility Model

Tufin helps organizations navigate their security responsibilities in a shared responsibility model.
Tufin’s Orchestration Suite provides visibility, analysis, and automation to manage security
policies across different cloud environments, including multi-cloud setups. This can help
organizations secure their workloads and data in the cloud, as outlined in this Swisscom case
study.

Conclusion
The shared responsibility model is a fundamental aspect of cloud security. While CSPs secure the
cloud infrastructure, customers must ensure the security of their workloads, applications, and
data. Tools like Tufin can help manage these responsibilities effectively, ensuring a robust
security posture in the cloud.

FAQs
1. How does the AWS shared responsibility model work?

In the AWS shared responsibility model, AWS is responsible for the security “of” the cloud,
which includes the hardware, software, networking, and facilities. The customer, on the other
hand, is in charge of security “in” the cloud, which encompasses customer data, applications,
and other elements. Read more about how Tufin automates change management for
AWS third party firewalls and Security Groups.

2. What is an example of a shared responsibility model in the cloud?

An example of a shared responsibility model is the SaaS model, where the cloud service
provider manages most of the security aspects, and the customer is mostly responsible for
managing their data and access controls. Here’s an example of a large company managing
their firewall policy and responsibilities.

3. What are the customer responsibilities in the shared responsibility model?

Customers are primarily responsible for securing their data, managing user access, securing the
applications they develop and deploy in the cloud, and sometimes, managing certain aspects of
network controls. Learn more about managing cloud security policies with shared
responsibilities.

Wrapping Up
Regardless of whether you’re using AWS, Azure, or any other public cloud service, a robust
understanding of this model ensures that no aspect of your cloud security is neglected. Click
here for a demo to learn more about how Tufin can manage network security in your multi-
cloud environment.

Don't miss out on more Tufin blogs

Subscribe to our weekly blog digest

First Name

Email

SUBSCRIBE NOW
Related Posts

Optimizing and Simplifying the Firewall Request Process with Tufin

Session Recordings Now Available from Tufinnovate 2024 North America and Europe
& Middle East

15 Cisco Meraki Firewall Best Practices

AWS Network Firewall Best Practices You Should Follow

Top Posts

How to Perform a Firewall Audit – Policy Rules Review Checklist

Understanding AWS Route Table: A Practical Guide

 What is a Firewall Ruleset? How can it help me?

Inbound vs Outbound Firewall Rules: Simplifying Network Security

English

Get the latest Tufin updates

email

SUBSCRIBE

connect with us

Products 

Solutions 

Services 

Resources 

Partners 

Company 
© Tufin 2024 All rights reserved.

Term & Conditions

ABC Handbook

Privacy Center

Vendor Code of Conduct

Export policy