- AWS has a Shared Responsibility Model where AWS is responsible for security of the cloud infrastructure while customers are responsible for security in the cloud. - AWS manages security of the physical infrastructure like data centers, hardware, networks but customers manage security of operating systems, platforms, applications, identity access management and encryption of data. - When migrating systems to AWS, customers still need to configure security settings like IAM, networking, firewalls and encrypt data to maintain security of their systems and data in the AWS cloud.

1. AWS Shared
Responsibility Model
Tasha Penwell, MISM

2. Our company has
decided to migrate our
system to AWS. Isn't
that great!
Yes it is! With the
availability and scalability
that AWS provides - we'll be
able to provide a better
experience to our
customers.

3. Does that also mean
we don't have to worry
about security
vulnerabilities
anymore?
No, not quite. AWS has a
Shared Responsibility Model
which means AWS is
responsible for some
security measures and we're
responsible for others.

4. So we can't just
migrate it then forget
about it?
No, AWS provides a secure
infrastructure and services but
we're responsible for securing
the operating systems,
platforms and the data

5. Oh, that does make
sense. What kind of
infrastructure security
does AWS have?
The infrastructure security
covers the data center building,
equipment and systems to keep
everything running.
They have back
up power, the
HVAC system
and fire
suppression that
we had provide
our onsite
servers before.

6. Cool. That's one less
headache for us to
worry about - especially
on the weekends!
Exactly! And they also have
security measures for their
physical locations, the data layer
and the take precautions for
environmental factors.

7. Okay, so what do we
still need to do once
everything is in AWS?
I think the first thing would be
setting up IAM, then see what
replications of regions we'll want,
set up our OS, networking and a lot
of the same stuff we did when we
had our equipment here.
Just now we
use the AWS
Console or
CLI

8. Here's a chart that shows
what we're responsible for
as part of the Shared
Responsibility Model with
AWS
Identity & Access Management (IAM)
Customer data
Platform & application management
Operating system configuration
Networking configuration
Firewall configuration
Client side data encryption
Data integrity authentication
Server side encryption
Network traffic protection

9. Thanks! This helps
alot! Where can I learn
more about sharing
responsibilities with
AWS?
The AWS website
has a lot of great
information. I
recommend
starting with this
whitepaper.
Source: https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf?refid=em_