The objective of the Shared Responsibility Model is to create a secure and compliant computing environment by sharing the security workload. The model addresses the following –
- What is the cloud platform vendor responsible for securing?
- What is the cloud customer organisation responsible for securing?
- Which responsibilities are shared between both parties to create a secure and compliant computing environment?
The 2 graphics below from Microsoft and Amazon provide a good visual representation of the Shared Responsibility Model.
Microsoft’s graphic outlines how responsibilities shift and change as an organisation moves from an on-premise architecture to IaaS, PaaS and SaaS architectures.
Figure 1: Microsoft Shared Responsibility Model
Amazon’s graphic depicts customer’s responsibilities for security “in” the cloud and AWS’ responsibilities for security “of” the cloud.
Making sure your organisation manages its responsibilities as it moves through the different cloud adoption phases can be a challenge. As an organisation transitions the potential for security issues to occur increases as gaps can open up in policies, processes, procedures and security control set.
EduServe in conjunction with SOCITM surveyed over 350 councils in late 2017 and early 2018 to generate the research paper – Local Government cloud adoption in 2018.
The findings highlighted that although it appears ‘cloud first’ thinking has not gained traction in the Local Government sector the actual use of cloud is very healthy. For many UK Councils public cloud is regarded as the core of their technology infrastructure now and for the future. 64% of councils surveyed are using a combination of on-premise and cloud hosted services.
Getting the foundations in place for a smooth transition to use cloud, should encompass regular reviews of your IT Policies, to ensure they reflect the changing nature of your computing environment and help you proficiently manage information security risks with your cloud service provider.
Protocol Policy Systems have assisted a range of organisations adapt and enhance their IT Policy framework to ensure that in adopting cloud, there is total clarity around customer and vendor responsibilities. To view details on our Policy Management as a Service Click Here.
To discuss how our Policy Management as a Service makes policy development, delivery and maintenance easy contact Steve Macmillan.