This year’s Amazon Web Services (AWS) re:Invent in Las Vegas attracted over 19,000 attendees—the largest re:Invent so far—and kicked off the conference with many big announcements.
With cloud adoption continuing to rise rapidly, Amazon is clearly making a concerted effort to make it easier for organizations to adopt their cloud. They are removing barriers of entry, simplifying data management, delivering rich analytics to give you greater insight on what’s happening in your environment, and addressing essential security needs—all which are some pretty compelling reasons why organizations would strongly consider AWS as their cloud solution provider.
With AWS’s keynote announcements of several great tools and services, it’s important to remember that protecting your environment is a high priority once you’ve moved to the cloud. All cloud providers, including AWS, employ a shared security model when it comes to protecting the cloud, and it’s imperative to understand the difference between “security of the cloud” and “security in the cloud.”
What’s the difference?
“Security of the cloud” is what AWS, the cloud solution provider, implements and operates on the customer’s behalf. They’re responsible for protecting the global infrastructures of services running in the cloud and the actual physical security of the facility in which the services operate. On the other hand, “Security in the cloud” includes the security measures that the customer implements and operates, related to the security of the content and applications that make use of AWS services.
The diagram below shows you the specific areas that AWS and the customer are responsible for.