topic Re: Cloud Shared Responsibility Model in Cloud Security

Cloud Shared Responsibility Model

OliLue — Mon, 09 Oct 2023 10:27:28 GMT

Hi together,

during my study I'm using the CISSP Book: Certified Information Security Professional 9 Edition.

In the chapter Managed Services in the Cloud is the shared responsibility model explained.

I the SaaS Model the data is in the responsibility of the cloud vendor. (In the text it is called responsibility). In the figure (Figure 16.1), "managed by vender" is mentioned.

From my point of view, the customer is always the owner of the data and in so he will always be responsible for it.

Or is the meaning of "data" in this book different, for example configuration data.....

Hope you could help me.

Best regards

OliLue

Re: Cloud Shared Responsibility Model

JoePete — Sun, 26 Feb 2023 18:08:41 GMT

@OliLue wrote:
From my point of view, the customer is always the owner of the data and in so he will always be responsible for it.

It might help to think of, "data" as the container for information (rather than equating "data" and "information"). Also, just because you own something doesn't mean only you have full responsibility. You might own your car, but when you store it in a garage, the garage assumes some responsibility. When you store your information with someone, that someone has some responsibility.

Re: Cloud Shared Responsibility Model

Steve-Wilme — Mon, 27 Feb 2023 13:28:03 GMT

Most CSPs refer to anything that persists data as storage. And yes the CSP is responsible for their infrastructure, but data belonging to the customer organisation in the Cloud remains the responsibility of the customer. See https://aws.amazon.com/compliance/shared-responsibility-model/

Re: Cloud Shared Responsibility Model

OliLue — Tue, 28 Feb 2023 20:16:41 GMT

Thanks for your response.

Re: Cloud Shared Responsibility Model

OliLue — Tue, 28 Feb 2023 20:17:19 GMT

Thanks, also for the link

Re: Cloud Shared Responsibility Model

mickalkalso002 — Tue, 18 Apr 2023 09:54:48 GMT

The Cloud Shared Responsibility Model is a framework that defines the responsibilities of both cloud service providers and customers in ensuring the security of cloud computing environments. In this model, the cloud service provider is responsible for the security of the cloud infrastructure, including the physical security of data centers, network security, and the security of the hypervisor and underlying operating system. Meanwhile, the customer is responsible for securing their data and applications within the cloud environment, including access management, data encryption, and network security configurations. It is important for both the cloud service provider and customer to understand their respective responsibilities in order to effectively manage security risks and ensure the protection of sensitive data in the cloud.