1.2.2. Shared Responsibility: Customer's Role
First Principle: The customer is responsible for "security in the cloud": securing their data, applications, and configurations within AWS services, including guest OS and network controls.
The customer's responsibility in the Shared Responsibility Model is "security in the cloud." This means customers are responsible for the security of their data, applications, and configurations within the AWS environment, in the following areas:
Key Customer Responsibilities ("Security in the Cloud"):
- Data Security: Data encryption (at rest and in transit), data integrity, data classification.
- Access Management: IAM configuration, least privilege application, MFA.
- Network Configuration: Security Groups, Network ACLs, VPC configurations.
- Operating System: Guest OS patches, security updates, firewall configurations on EC2 instances.
- Application Security: Application code security, dependencies, and configurations.
Scenario: When deploying an EC2 instance, the customer configures security groups, encrypts EBS data, and manages application-level security patches.
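As an added example that is not part of these notes or any AWS tooling, the following offline check audits two of the controls in the scenario above (security group exposure and EBS encryption) over constructed data shaped like boto3's describe_security_groups and describe_volumes responses; the set of sensitive ports is an assumed policy.

```python
# Added example, not code from the page: an offline audit of two customer-side
# controls from the scenario, run over constructed data shaped like EC2
# describe_security_groups / describe_volumes responses. It makes no AWS calls.

# Ports that should never be reachable from any address (assumed policy).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}

def open_to_world(sg):
    """Return (port, service) pairs an ingress rule exposes to the whole internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue                      # rule is scoped to specific ranges
        if perm.get("IpProtocol") == "-1":    # "all traffic": every port counts
            findings.extend(sorted(SENSITIVE_PORTS.items()))
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        findings.extend((p, n) for p, n in sorted(SENSITIVE_PORTS.items()) if lo <= p <= hi)
    return findings

def unencrypted_volumes(volumes):
    """Return the IDs of EBS volumes whose data at rest is not encrypted."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]

# Constructed sample data (not a real account).
SAMPLE_SGS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},      # HTTPS to the world: expected
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # the pitfall: SSH open to all
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},     # RDP limited to a private range
]
SAMPLE_VOLUMES = [{"VolumeId": "vol-data", "Encrypted": True},
                  {"VolumeId": "vol-logs", "Encrypted": False}]

def audit(sgs=SAMPLE_SGS, volumes=SAMPLE_VOLUMES):
    """Collect findings for the customer's side of the model as plain strings."""
    report = [f"{sg['GroupId']}: {name} (port {port}) open to the world"
              for sg in sgs for port, name in open_to_world(sg)]
    report += [f"{vol}: EBS volume not encrypted at rest" for vol in unencrypted_volumes(volumes)]
    return report

if __name__ == "__main__":
    print("\n".join(audit()) or "no findings")
```

Against the sample data the audit flags the world-open SSH rule and the unencrypted log volume, while the HTTPS rule and the private-range RDP rule pass.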
Common Pitfall: Neglecting to patch the guest operating system on an IaaS Virtual Machine. This is a critical customer responsibility and a common source of security vulnerabilities.
Key Trade-Offs:
- Flexibility vs. Responsibility: IaaS (like EC2) offers the most flexibility and control over the operating system and applications but also the most security responsibility for the customer. PaaS and SaaS reduce customer responsibility but offer less configuration flexibility.
Reflection Question: How does misconfiguring a security group or failing to patch an operating system on an EC2 instance directly demonstrate a failure in the customer's shared responsibility for "security in the cloud"?