When it comes to the cloud, everyone is quite aware of the need to secure applications, encrypt data in transit and at rest, manage access to resources and services by employees and consultants, etc.
AWS is no different, and it has a number of services related to security in the cloud.
AWS divides the security responsibility between itself and its customers, and we will take a closer (and simple) look at both cases.
The AWS Security Responsibility
Amazon's responsibility for securing the cloud platform, known as "Security of the Cloud", is mostly focused on its global infrastructure.
They are responsible for, and take seriously, who can access their data centers and how their network behaves. They continuously scan for any sign of data leaks and security flaws, and they upgrade any piece of software and/or environment entities.
The Customer Security Responsibility
The customer's responsibility mostly concerns what is done in the cloud; as you may guess, this is known as "Security in the Cloud".
Customers are responsible for keeping their environment up to date with all the latest security upgrades, controlling which traffic flows through their private cloud network (done either with a VPC Access Control List (ACL) or with EC2 Security Groups), encrypting all critical data, and correctly managing the users who have access to their AWS environment.
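To make the traffic-control item concrete, the following added example (not part of the original post, and not AWS code) evaluates one inbound TCP connection against a network ACL and a security group and shows that both layers must admit it. The rule data is constructed and shaped like EC2 DescribeNetworkAcls / DescribeSecurityGroups output; the function names are hypothetical, and the sketch assumes IPv4, TCP, inbound only, with no security-group-to-security-group references.

```python
import ipaddress

# Constructed sample rules (not from a real account).
NACL_ENTRIES = [
    {"RuleNumber": 90, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]
SG_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_allows(entries, src_ip, port):
    """Network ACL: inbound rules are tried in RuleNumber order; first match decides."""
    inbound = sorted((e for e in entries if not e["Egress"]), key=lambda e: e["RuleNumber"])
    for e in inbound:
        # Protocol "6" is TCP, "-1" is all protocols.
        if e["Protocol"] not in ("6", "-1") or not _in_cidr(src_ip, e["CidrBlock"]):
            continue
        rng = e.get("PortRange")  # absent when the rule covers all ports
        if rng is None or rng["From"] <= port <= rng["To"]:
            return e["RuleAction"] == "allow"
    return False

def sg_allows(permissions, src_ip, port):
    """Security group: allow rules only; any matching rule admits the traffic."""
    for p in permissions:
        if p["IpProtocol"] == "-1":
            port_ok = True
        elif p["IpProtocol"] == "tcp":
            port_ok = p["FromPort"] <= port <= p["ToPort"]
        else:
            continue
        if port_ok and any(_in_cidr(src_ip, r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def inbound_tcp_allowed(src_ip, port, nacl=NACL_ENTRIES, sg=SG_PERMISSIONS):
    """A new inbound connection must pass the subnet's ACL and the instance's group."""
    return nacl_allows(nacl, src_ip, port) and sg_allows(sg, src_ip, port)
```

In the sample data the security group leaves port 22 open to the world, but the ACL's lower-numbered deny rule blocks it first, which is why reviewing only one of the two layers gives an incomplete picture.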
The Big Picture
As I said, this was a simplified version of the subject, but if you want to know more details about it, I leave you with two other useful links: