All cloud stakeholders must understand:
Differentiate CSP partner responsibilities
Responsibilities vary depending on:
Consumer:
CSPs don´t review security for individual consumers
Consumer defines:
Check differences between CSPs´shared responsibilities
Responsibilities if service in-house ?
All responsibilities assigned ?
Factors affecting responsibilities:
Cloud consumer and CSP never share responsibility: each controls its own area of ownership for security
Consumer audit access and configures security
Consumer organization security responsiblity: when it moves application, data, containers, workloards to the cloud
CSP security responsibility for other activities like physical infrastructure
Define security responsibilities
Work with CSP
Meet security needs
Reduce costs
Dedicated security approach for each:
Weakest link defines security
CSP provides standard, proven security
Consumer security developed when needed
Consumer security must work within CSP framework
1. Shared responsibility model Model defines:
Model outlines responsibility for:
Responsibilities vary:
|
Define responsibilities to reduce risk
CSP never has full responsibility
Understand responsibilities before CSA
Key factors:
In-house: service provider responsible for all security
Cloud environment: security responsibility shared
Security ownership clearly defined
Secure environment with less operational overhead
Security gaps affect all systems
CSP security standardized
Consumer security less comprehensive
Include security in CSP agreement
1.1 Provider and consumer responsibilities
Cloud vendor controls:
Consumer responsibilities:
Single security aspects never shared
Consumer and CASP have total control over their responsibilities
Consumer right to audit verification
Ensure non-CSP responsibilities are managed
Go back to ITIL 4 Acquiring Managing Cloud Services Certification Course: Agree to finish this chapter or to the main page ITIL 4 Acquiring Managing Cloud Services Certification Course.
When you are managing a team, “how to be a good manager” is the “must”...
As manager, I am doing many reports, even when I was an ITIL consultant, I still needed to do many reports...
ITIL V3 is going to be obsolete...
Managing an IT service when I start a new company is not an easy task, particularly true, if the service...