4.8 Security Responsibilities Across Models

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 48 minutes
Video Transcription
Now, this is a chart that when you look across my sides, I believe this church shows up three separate times. You can absolutely guarantee on the exam.
You will have to determine what is the responsibility of the cloud service provider. What's the responsibility of us as Theo Enterprise? So when you see enterprise responsibility, I want you to think of the cloud customer.
And usually that is us on the exam. Unless they specifically say you work for a cloud service provider, you can assume you're the customer.
All right, So what shared between them? Well, you know what's probably easier to say? What is always my responsibility?
Always. You know what? As the Cloud customer always, I have the responsibility for the data itself. Remember, I can't outsource that right? So I am legally responsible for the security of my data. Even if it's stored somewhere else. I'm responsible for governance within my organization.
Making sure whatever arrangements I enter in ultimately support the long term goals of the company That will never change. So when you look at this chart, the 1st 2 will always be my responsibility.
Now, if we flip this and look at what's always the cloud service providers. Responsibility, Always the cloud service providers. Responsibility is the physical security off the components. And remember, with security, confidentiality, integrity and availability, Right? So their facility,
that what's stored there is operational, that it operates in such a way that has integrity, that virtual machine hyper visors, air not modified, you know, all the way up through the hyper visor is always gonna be the responsibility of the cloud service provider.
Now, with infrastructure is a service, though, remember, we're going through, and we are working on creating our environment, our network environment. All the devices we usedto have on Bremer now operating up in the cloud.
There's that shared responsibility between the cloud Service provider because the servers themselves
are the responsibility of the CSP. But the configuration And, um,
you know how my network is established? That's up to me. So some basic security? Absolutely. Um, But when it comes down to
the security of the network with infrastructures of service, remember, I take on a lot more responsibility with infrastructure, infrastructures of service. But I gained flexibility in control.
All right, if we go up, the platform is a service well, there's that shared responsibility between the platform that that they provide us. But we're still responsible for the code that we write for testing the application. And then when you go up, the software is a service. Were responsible for the data?
And when this says applications security, you can think more access control, like who gets access to the application, were responsible for identity and access management, making sure the correct users have the correct access to that application.
So what you see here is kind of a chart that shows what the cloud service provider does,
what we use the customer provide, and then that shared area within the
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By