With modern infrastructure, services and applications deployed across on-premises networks and the cloud, it can be unclear what you need to secure and what you don’t. This is why the Shared Responsibility Model was created.
The Shared Responsibility Model was developed by major cloud service providers (CSPs) to document who is responsible for carrying out which operational tasks in the cloud. It sounds simple, but it can be quite complex, and how responsibilities are defined varies greatly across CSPs and deployment types. These responsibilities are often subject to change based on how your strategy pans out, and if you use multiple CSPs, it can become bedlam!
The CSP is typically responsible for the security of the cloud (the infrastructure). You are responsible for security in the cloud (data).
Data is my responsibility? I would’ve thought that was up to the CSP?
Yes, this is where things get a little fuzzy. As mentioned, data is the customer’s responsibility under the Shared Responsibility Model, but many businesses and even some thought leaders believe it may fall under the CSP. For example, take a look at some of these findings:
- In CISO MAG’s Cloud Security survey, 40% said it is the responsibility of the cloud user and 76% said the cloud service provider is entirely responsible for the security of the cloud.
- This report by McAfee indicates that 69% of CISOs trust their cloud providers to keep their data secure and 12% believe cloud service providers are solely responsible for securing data.
- This Gartner report states, “In nearly all cases, it is the user—not the cloud provider—who fails to manage the controls used to protect an organization’s data.”
So what’s the right answer? What do we need to do?
In conclusion, it is better to have an overlap in security coverage than any gaps (hackers are pretty good at exploiting those!).
According to the Shared Responsibility Model, protecting organizational data is always up to you.
From here, areas of responsibility depend on your deployment and cloud service providers. This table, based on the Center for Internet Security, provides a general idea of how duties and responsibilities are divided between customer and supplier.
At HostedBizz we take the security of your data seriously. This is why we offer a full suite of cloud-based data protection solutions to ensure that you’re well protected against unexpected data loss. We use state-of-the-art security monitoring, paired with best-in-class Tier III data centers, to support all our client infrastructure needs.