Hey, everybody, and welcome back. In this lecture, we're gonna be covering the shared responsibility model.
So the shared responsibility model is actually one of the more important topics of the course. It's going to be tested on the exam, and you want to make sure you review the resources that I attached to this lecture.
But basically, this lecture is just gonna kind of summarize what it is and kind of help you get a better understanding of what you'll be reading.
The shared responsibility model basically determines what AWS is responsible for and what you are responsible for. This diagram you see here on the right shows, on the bottom, that AWS is responsible for the security of the cloud. And you, the customer, are responsible for the security in the cloud.
And what I mean by that is, when you think of the cloud, you gotta think of the hardware and the global infrastructure. You gotta think of the software and the operating systems that are running the services that are available to you, and then the things that you put inside of the cloud: your data, your applications, maybe your other operating systems, like your guest operating systems. Or maybe you're trying to host a website and you're trying to throw MySQL, something like that, on an EC2 instance: that's your responsibility. But if you are using Amazon stuff like S3, RDS, Elastic Beanstalk, whatever, or something like that, Elastic Beanstalk, what have you, that is going to be covered under the AWS umbrella of their responsibility.
So AWS manages the security of the cloud. You manage the security in the cloud. You are in control of your data, your client's data. You're also responsible for the security controls that you put into the cloud infrastructure that you're building. And the good thing is that these security controls that you would place on premise are very similar to the ones that you would place in the cloud. That really doesn't change too much. There is a little bit of a paradigm shift, maybe, because you're going global, so you may have to think a little bit bigger in that sense. But the overall idea of security and how you would design or build or implement it in your local warehouse is similar to how you would implement it in the cloud as well. And those security controls are available to you.
So just recapping: AWS's responsibility is going to cover the host operating system. They're gonna cover the virtualization layer and the global infrastructure, so physical security for the availability zones and edge locations, and the security of the communication between all these sites, the networking in between all that.
They're also going to cover the security for the software of AWS services such as S3, RDS, Elastic Beanstalk. This does not necessarily include EC2: things that you're going to be building within EC2 are still your responsibility. However, this is like a guest resource. These AMIs that you're gonna be building within EC2, those are gonna be just a section of a very large server.
So a very large server is obviously gonna be secured under AWS. But what cut of that server you get, so, you know, imagine it's a pie. You get a slice of the pie; your slice of the pie is your responsibility. However, the rest of the pie is still the responsibility of AWS, if that makes sense. So we will be securing the things that we put in the cloud, the things that we build on the cloud. But anything outside of that, anything that is managed on a much larger scale, that will be the responsibility of AWS.
And moving over to your responsibility. So we talked about guest operating systems. This includes the security controls and the patching of the operating system and software. That's on you. Firewalls, encryption, data integrity, authentication: those are all gonna be on us as well.
Networking traffic security: this isn't between your availability zones and your edge locations. This is more so if you're designing VPCs, which we won't be talking about too much in this course. But basically, it's your own private subnet in the cloud. So if you do have multiple private subnets, the security between those, that is your responsibility; that is not AWS. If you do not implement proper security controls when communicating between AWS services or between the cloud and your on-premise environments, that is on you. That is not on them. So make sure you guys implement that.
IAM, which is identity access management. So you go, say you create a user, the user has excessive permissions, and the credentials for the user got leaked out onto the web somehow: that would also be on you. So make sure you're practicing least privilege. Make sure you are rotating roles so that, you know, people don't have roles all the time, and they're only provided access to certain services when they need it. So those common-sense, old-school practices that we've been following for a long time, they still apply to the cloud.
And then, of course, the data that you place in the cloud is your responsibility. That is not AWS's. All right, everybody, that about sums up this lecture. I will see you guys in the next one.