Amazon operates under a shared responsibility model. Amazon takes responsibility for the security of its infrastructure and has made platform security a priority in order to protect clients’ critical information and applications. Amazon detects fraud and abuse and responds to incidents by notifying clients. However, the SM8 is responsible for ensuring our AWS environment is configured securely, data is not shared with someone it shouldn’t be shared with inside or outside the company, identifying when a user misuses AWS, and enforcing compliance and governance policies.
- Amazon’s responsibility – Since it has little control over how AWS is used by its clients, Amazon has focused on the security of AWS infrastructure, including protecting its computing, storage, networking, and database services against intrusions. Amazon is responsible for the security of the software, hardware, and the physical facilities that host AWS services. Amazon also takes responsibility for the security configuration of its managed services such as Amazon DynamoDB, RDS, Redshift, Elastic MapReduce, WorkSpaces, etc.
- SM8 responsibility –responsible for secure usage of AWS services that are considered unmanaged. For example, while Amazon has buSM8 several layers of security features to prevent unauthorized access to AWS including multifactor authentication, it is the responsibility of SM8 to make sure multifactor authentication is turned on for users, particularly for those with the most extensive IAM permissions in AWS.
