What is the Shared Responsibility Model in Cloud Computing?

The shared responsibility model outlines the security duties by specifying the rights and responsibilities of both the cloud service provider and the client. In essence, it clarifies who is responsible for each aspect of security to ensure effective protection of the cloud environment. The specifics of this division are a little different depending on the service model (SaaS, PaaS, IaaS).

세 가지 모델의 차이점은 다음과 같습니다.

• SaaS (Software-as-a-Service): The provider handles the underlying infrastructure, the application, and the data, while the customer is in charge of user access and data classification.
• PaaS (Platform-as-a-Service): The provider is responsible for the supporting system, including Web service, operative system, etc., while the customer is responsible for all applications and data.
• IaaS (Infrastructure-as-a-Service): The provider controls the physical layer while the customer controls applications, operating systems, and data.

Here are the detailed responsibilities of SaaS providers:

• Physical security: Protect data centers and hardware.
• Network security: Protection against the threats posed by unauthorized access or cyber-attacks.
• 애플리케이션 보안: 침해를 방지하기 위해 보안 취약점이나 버그를 수정하는 소프트웨어 업데이트
• Data security: 데이터를 저장 및 전송 중에 암호화하고 백업이나 재해 복구가 있는지 확인
• 운영 보안: 위협 감지 및 보안 사고 대응

SaaS 고객이 고려해야 할 사항:

• 기기 보안: SaaS 애플리케이션에 액세스하는 데 사용되는 기기를 보호합니다.
• 액세스 관리: Managing the right limitations of the users and their ability to access an application, the procedures to verify their identity, and the authorization to access the application.
• 보안 인식 교육: Training of the employees on security measures and phishing risks.
• Data classification: Identifying sensitive data and putting measures in place to protect it.
• 인시던트 대응: Having a contingency plan as to how the security threats could be handled.

Organizations and Software as a Service providers and suppliers should:

1. Regularly review the SaaS provider’s security documentation and certifications: Learn about their security practices and make sure that they meet your organization’s standards.
2. Establish clear communication channels: Maintain clear communication with your SaaS provider to discuss security concerns, report any issues, and stay updated on security changes.
3. 보안 인식 프로그램에 참여하세요: 직원들이 SaaS 공급업체가 제공하는 보안 교육을 받도록 권장하세요.
4. 공동 보안 평가를 수행하세요: 공유 환경에서 위험을 파악하고 줄이기 위해 협력하세요.
5. 서비스 수준 계약(SLA)을 수립하세요: 양측이 서명한 계약서에 보안 요구 사항과 의무를 명시합니다.