Cloud Responsibility Matrix - What does your infrastructure say about compliance (AWS AZURE and GCP)
A bulk of organizations are moving to the cloud. A large number have moved already. The greater part of the remnant is thinking about moving. Migrating infrastructure and other functions to the cloud comes with a lot of benefits, of which the chief of them all is the fact that you transfer a lot of responsibilities to the cloud service provider.
Naturally speaking, no one loves work. What’s more golden is the fact that you can transfer a lot of responsibilities for peanuts when you subscribe to cloud service providers.
Which Organizations are ranking in Clouds
Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) have proved to be the kings in this space-time and time again over the years.
As always, organizations are required to adhere to compliance requirements in their quest to do business smoothly and protect their customer data. Using a cloud service provider splits the responsibility in two ways, the CSP having the bulk.
Unlike the on-premise infrastructure model where the customer or the organization is ultimately responsible for the security and hence compliance, responsibility for security and compliance with cloud platforms aren’t break-back worthy. A lot of things have already been put in place by the CSP so it saves you time and energy. Security and compliance can be a big burden.
All that said, users need to be aware of their responsibilities to avoid room for any assumption.
Below, the shared responsibility model is visualized for the CSP and the customer (organisation).
Red: Customer’s Responsibility, Yellow: Shared Responsibility, Green: CSP’s Responsibility
As we traverse from on-premises model to Software-as-a-Service (Saas) model, responsibility for security is gradually taken off the customer and transferred to the CSP.
Speaking of compliance (taking PCI DSS as an example), CSPs have the responsibilities shared also.
What Are The AWS, AZURE, GCP Shared Responsibilities Model?
In the table that follows, you’ll see how AWS, AZURE and GCP share compliance responsibilities for PCIDSS among their customers.
Red: Customer’s Responsibility, Yellow: Shared Responsibility, Green: CSP’s Responsibility
In Conclusion
Just like in the matrix for security, as we traverse from Infrastructure-as-a-service (Iaas) to Software-as-a-service (Saas), responsibility is gradually lifted from the customer.
