cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
OliLue
Newcomer III

Cloud Shared Responsibility Model

Hi together,

 

during my study I'm using the CISSP Book: Certified Information Security Professional 9 Edition.

In the chapter Managed Services in the Cloud is the shared responsibility model explained. 

 

I the SaaS Model the data is in the responsibility of the cloud vendor. (In the text it is called responsibility). In the figure (Figure 16.1), "managed by vender" is mentioned.

From my point of view, the customer is always the owner of the data and in so he will always be responsible for it.

Or is the meaning of "data" in this book different, for example configuration data.....

 

Hope you could help me.

 

Best regards

OliLue

5 Replies
JoePete
Advocate I


@OliLue wrote:

From my point of view, the customer is always the owner of the data and in so he will always be responsible for it.


It might help to think of, "data" as the container for information (rather than equating "data" and "information"). Also, just because you own something doesn't mean only you have full responsibility. You might own your car, but when you store it in a garage, the garage assumes some responsibility. When you store your information with someone, that someone has some responsibility.

Steve-Wilme
Advocate II

Most CSPs refer to anything that persists data as storage.  And yes the CSP is responsible for their infrastructure, but data belonging to the customer organisation in the Cloud remains the responsibility of the customer.  See  https://aws.amazon.com/compliance/shared-responsibility-model/

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
OliLue
Newcomer III

Thanks for your response.
OliLue
Newcomer III

Thanks, also for the link
mickalkalso002
Viewer II

The Cloud Shared Responsibility Model is a framework that defines the responsibilities of both cloud service providers and customers in ensuring the security of cloud computing environments. In this model, the cloud service provider is responsible for the security of the cloud infrastructure, including the physical security of data centers, network security, and the security of the hypervisor and underlying operating system. Meanwhile, the customer is responsible for securing their data and applications within the cloud environment, including access management, data encryption, and network security configurations. It is important for both the cloud service provider and customer to understand their respective responsibilities in order to effectively manage security risks and ensure the protection of sensitive data in the cloud.