A mid-sized enterprise recently suffered a security breach in their AWS-hosted application. The responsibility for identifying the source and cause of this breach falls under the purview of the internal security team. Based on the AWS shared responsibility model, which of the following would be the appropriate action for the team?
According to the AWS shared responsibility model, AWS is responsible for the security 'of' the cloud, including the physical hardware, global infrastructure, and foundational services. However, customers are responsible for security 'in' the cloud, such as managing the security of their own data, applications, identity and access management, and other configurations within their AWS environment. Therefore, the appropriate action for the internal security team would be to audit the application security and IAM configurations within the enterprise's AWS services.
While AWS maintains the basic infrastructure, customers are responsible for everything that goes into the cloud or, the “security in the cloud.” With the provided infrastructure services, customers can build and configure their platforms and OSes within the Amazon VPC. Customers retain complete ownership of their data and they are responsible for network traffic protection, firewall configuration, identity and access management (IAM), and application security.