What is Shared Responsibility?
The Shared Responsibility Model is a security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, operating system (OS), network controls and access rights.
In its simplest terms, the Shared Responsibility Model dictates that the cloud provider—such as Amazon Web Service (AWS), Microsoft Azure, or Google Cloud Platform (GCP)—must monitor and respond to security threats related to the cloud itself and its underlying infrastructure. Meanwhile, end users, including individuals and companies, are responsible for protecting data and other assets they store in any cloud environment.
Unfortunately, this notion of shared responsibility can be misunderstood, leading to the assumption that cloud workloads – as well as any applications, data or activity associated with them – are fully protected by the cloud provider. This can result in users unknowingly running workloads in a public cloud that are not fully protected, making them vulnerable to attacks that target the operating system, data or applications. Even securely configured workloads can become a target at runtime, as they are vulnerable to zero-day exploits.