How is host infrastructure a shared responsibility in cloud computing?

0

Host infrastructure is said to be a shared responsibility according to https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know and https://learn.microsoft.com/es-es/archive/blogs/azuresecurity/what-does-shared-responsibility-in-the-cloud-mean.

My Confusion: I thought "host infrastructure" refers to compute, network, and storage components that are physical, which are solely provided, and maintained by the cloud provider.

Please help me understand why/how host infrastructure is a shared responsibility in cloud computing.

asked a year ago407 views
3 Answers
1
Accepted Answer

"host infrastructure" ... the infrastructure on which you are relying for the hosting of your services... includes servers, virtual machine environments, networking devices (both software-defined and hardware-defined), application gateways, firewalls, cloud hardware security modules, etc... basically... all the IaaS components you will be using.

Shared: It also includes (for example) operating systems on the networking equipment and hypervisors running on the hardware. The CSP often manages patches and updates to the VMs, firewalls, network devices, etc for you. You might apply various configurations on these and install various software on the servers. Such software can compromise the security of the system, so you have to do it responsibly. For network devices, you will configure public access to your VPC (for example), and it's your responsibility to make that this is done without making the infrastructure insecure e.g. leaving SQL Server ports accessible on a public EC2 instance. These applications that you install and expose to the internet can be exploited. For PaaS, if you look at S3, AWS will be ensuring that S3 infrastructure is secure (patched, and ensuring that the security features and encryption are working) but you might leave your bucket open to public access by incorrectly configuring things.

MlandaT
answered a year ago
profile picture
EXPERT
reviewed 9 months ago
1

With all cloud service providers answering the question of who is responsible for what will depend on the specific service in question and whether it falls into the category of IaaS, PaaS, or SaaS. You can see that illustrated in the following diagram:

Enter image description here

This diagram is excerpted from the following blog post which provides additional context: https://aws.amazon.com/blogs/industries/applying-the-aws-shared-responsibility-model-to-your-gxp-solution/

AWS
MattZ
answered a year ago
0

Hi - This should provide an in depth overview of Shared Responsibility Model https://aws.amazon.com/compliance/shared-responsibility-model/

profile pictureAWS
EXPERT
answered a year ago
  • Hi Nitin.

    1. According to this AWS document you provided, the infrastructure is NOT a shared responsibility in the cloud.
    2. This contradicts CompTIA, CISecurity, and some other cloud vendors.
    3. Should I accept that different vendors/institutions are in conflict/disagreement on this point? Or is there some nuance that is preventing me from understanding that infrastructure is a shared responsibility?

    By the way, many thanks for the document link. It is a really good read: easy, clear, well-organized, and friendly formatting.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions