Amazon Web Services Security – Understanding the Shared Responsibility Environment
Amazon Web Services (AWS) is offered by Amazon.com, a popular international online electronic commerce company. AWS is a collection of remote (cloud) computing services and offers unparalleled, cost-efficient advantages to users who wish to migrate or partially offload their data to the cloud. Amazon offers its infrastructure as a service (IaaS) to its customers. Amazon EC2 (Elastic Compute Cloud) and Amazon S3 (Simple Storage Service) are the two most popular services under the AWS brand name.
When a user uses Amazon's infrastructure, the security concern is not shifted to them but is shared between the two. Amazon lays out some guidelines under the “Shared Responsibility Environment” philosophy. It can be compared to a handshake, where both parties come to an agreement over an issue. We will analyze this shared model concept in depth.
Amazon has deployed servers all around the world, with many Edge locations and Regions. In this shared security model, the hand is first extended by Amazon, with the following among its other security responsibilities:
Securing the physical premises where the data centers are situated, following the best security practices used around the world.
Authenticating and authorizing the people employed at the premises where the servers are located at least two times before granting them certain privileges.
Isolating your virtual server from the rest, with all computing and storage resources protected by default in such a way that only the account holder can see them.
Using encryption such as HTTPS/SSL to ensure the authenticity of the user before the user can gain access to the cloud storage space, among other barriers that protect the user from external threats.
Now the second hand is extended by the customers, who agree with Amazon's security arrangement; the onus lies on them to complete the handshake by ensuring security from their end.
Everything that you store in the Amazon cloud is private by default and is visible only to the account holder. If that account holder chooses to make it public with certain privileges through which others can modify it, then it is completely up to the customer to rectify such issues, and Amazon will not be responsible for any loss of data, because the security “breach” was created from your end. So the user needs to make sure to set the policies accordingly.
That is why Amazon calls this the Shared Responsibility Model: the final security policy is ultimately set by the user, and everything that Amazon has provided by default gets overwritten.
Amazon provides certain premium options to choose from to beef up your security measures and raise the security level to match your organizational requirements. Users can go through the Amazon Marketplace to buy additional applications to enhance the security of their data. Hopefully by now you have a sound understanding of Amazon's Shared Responsibility Environment model.