When you host applications in the public cloud, you assume partial responsibility for securing the application. The cloud provider, for example Amazon Web Services (AWS), secures the physical datacenter (with locked badge entry doors, fences, guards, etc.) in addition to securing the physical network with perimeter firewalls. This is no significant change from how you secure your corporate datacenter.
Just as you enhance the security of physical and virtual servers in your datacenter with host-based firewalls (iptables, Windows Firewall), anti-virus and intrusion detection, you must protect your public cloud servers (in AWS parlance, “instances”) with similar security measures. This is the joint, or shared, security responsibility: AWS secures the physical datacenter and firewalls the network; you, as the AWS customer, secure each instance and its application with host-based firewalls, anti-virus and intrusion detection. In addition, if your public cloud applications must be compliant, such as with PCI regulations, then you can add file integrity monitoring and log file monitoring to each AWS instance.
Security is shared, no blame goes around… Watch my quick demo on how to enhance the security of your AWS instances and applications.
How is security responsibility shared in your organization?