Abstract
The purpose of this whitepaper/guide is to help further clarify the shared responsibility, debunk common myths such as control inheritance being simple and straightforward, and help illuminate the many challenges hidden in plain sight, which may not present themselves until it’s too late. Unclear control inheritance results in the consumption of time, costs, and energy due to the ambiguity of the controls and misperceived sense of security. Finally, the whitepaper aims to provide approachable shared services/management layer concepts which can be adopted for organizations looking to implement and deploy highly scalable services whilst maintaining compliance across a spectrum of services and applications.
Multiple occurrences plague the headline such as “Cloud Service Provider hacked, cloud is still not secure, data breach due to insecurity of the cloud!” and more, which ultimately can be traced back to the false sense of security provided by most shared responsibility models, which is essentially unclear control inheritance at its core.
The trend of continuing to provide new and innovative ways to offload responsibility to the cloud vendor is not slowing down anytime soon, and as more and more individuals, and corporations begin leveraging new innovative technologies, a greater risk of (but not limited to) breaches, misconfigurations, data leaks and vulnerability to cloud consumers presents itself. If control inheritance and the shared responsibility model is not further distilled and grey areas clearly revealed to the cloud consumer, the risk of another unnecessary breach exponentially increases. The Customer Responsibility Matrix (CRM) attempts to address this problem but fails short in many ways.