Cloud

More than half of IT professionals aren’t familiar with the shared responsibility model

“They may not be familiar with the term, but I think they’re familiar with the concept,” one expert tells IT Brew.
article cover

Amelia Kinsinger

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

According to a recent survey, roughly half of IT and cybersecurity professionals are unfamiliar with a popular golden rule for security in the clouds…or at least the name of it.

An August Dark Reading report found that only 49% of respondents surveyed were familiar with the “shared responsibility model,” a cloud security framework that outlines the responsibilities of a cloud service provider and its customers. Cloud service providers such as Microsoft Azure, Google Cloud, and Amazon Web Services each have their own version of the accountability model, which allows them to clearly communicate what security responsibilities they are responsible for versus what areas are in the control of a customer.

The survey, which was commissioned by cybersecurity company OPSWAT in partnership with F5, queried 131 IT and cybersecurity professionals from companies of all sizes earlier this year.

On the tip of your tongue. Adam Rocker, director at OPSWAT, told IT Brew that the survey’s findings were a bit surprising, but gave the respondents the benefit of the doubt in their understanding of the model, which he claims was popularized primarily by AWS.

“They may not be familiar with the term, but I think they’re familiar with the concept,” he said.

However, Nick Franklin, global AWS tech alliance director at Fortra, told IT Brew that he has observed a blatant lack of understanding of appropriate responsibilities among providers and customers throughout his career.

“There is 100% [an ambiguity] between what I think most economic buyers and users of products and services believe is inherent to those services they’re buying against the backdrop of reality,” he said, adding that the shared responsibility model works to disambiguate this information.

Ignorance is not bliss. Orca Security co-founder and CEO Gil Geron emphasized the importance of implementing the shared responsibility model in day-to-day operations, telling IT Brew that adhering to the framework helps establish accountability between cloud service providers and customers and prevents “chaos” from ensuing.

“The reason it is so important is because when it’s not clear what you should do and how you should do it, then suddenly bad things can happen and there is no way to to handle them because when no one is responsible, no one can do anything about it,” Geron said.

Geron added that when customers are negligent of the responsibilities outlined in the shared responsibility model, it can result in breaches, data loss, account takeovers, and wallet attacks, a type of an attack where bad actors spend a customer’s cloud provider quota in order to “compute” for their own resources.

If you don’t know, now you know. Those looking to ensure their team is adhering to the shared security model can start by going to the vendors they work with and asking questions about specific tools being used, said Franklin.

“They need to ask…‘What are we responsible for that you are not?’” Franklin said. He added that this was a question he “rarely” heard while working in the managed services industry.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B