Companies like Google and Amazon Web Services (AWS) talk a lot about shared responsibilities in the cloud, but lines are blurry – roles and responsibilities, which are outlined in a two-layer model, are not clear. Additionally, rarely do their customers have security experts on staff, and more often than not, they do not even have a data security partner. These common gaps and ambiguity can leave your company at (preventable!) risk of a security breach.

In this blog, I clarify responsibilities for a shared security model and make the case for a three-layer model – a model in which Castlerock partners with Google and AWS customers to carry out responsibilities in ways that best protect their organizations.

Clarifying Lines in the Two-Layer Model

Cloud providers like Google and AWS make it easy to build and launch out-of-the-box services and get up and running quickly; however, this ability is often at odds with best security practices.

The common model is a two-layer model between the Cloud Provider and Customer.

Cloud Provider Responsibilities

  1. Secure premises
  2. Reliable power, data center uptime and availability
  3. Access to consoles and APIs for running and maintaining services
  4. Provide services to run, whether they are virtual machines, container systems, or applications

Cloud Customer Responsibilities

  1. Secure access to consoles and APIs
  2. Build networks with ingress and egress controls for services offered and used
  3. Secure access to the systems being run, such as virtual machines, databases, and other applications
  4. Maintain those systems and keep operating systems, installed applications and components patched and current
  5. Ensure services being used or run are only used for the intended purposes
  6. Build and run their products and services

The cloud customer list ends with what is perhaps the largest responsibility for a business: building and running products and services.

Building and running products and services get the most attention from new product developers, as they are an organization’s raison d’être. Product development is where most organizations prioritize their time. Getting from MVP to operations is the primary driver for an organization’s success, or even its reason for being.

The other responsibilities are often regarded as impediments to a minimum viable product, or demo product, that is trying to get off the ground.

This is where Castlerock comes into play. In other words, out of the six Cloud Customer responsibilities listed above, our customers take responsibility #6, and we take the rest via our Three-Layer Model.

Introducing the Three-Layer Model

The cloud provider’s responsibilities don’t change much; however, when engaging with Castlerock, we move the line to the model depicted on the right, which is a three-layer model.

The Castlerock team will take care of all the things in the middle (blue):

  • Assemble and provide a ready operational environment in compliance with best practices and built for the current and future needs of an ongoing cloud-based operation. This frees up your critical organizational resources to develop and build resilient applications and services.
  • Remain your partner in running the infrastructure, or train internal staff to take over after it is built and launched.

How Castlerock Addresses Common Pitfalls

Too often, common pitfalls are not on our customers’ minds or within their expertise. Castlerock problem-solves for these (and mitigates risk) as a cloud operations partner to our customers. They are simply second nature to us!

  • Using defaults
    • Default VPC
    • Default Security group
    • Default route table
  • Using permit all or open permissions
    • Network Access Control Lists
    • Roles and Policies
  • Relying only on passwords, which may also be poor
  • Permitting servers to have access open to the internet
    • Remote Desktop
    • Secure Shell
    • Database services
  • Having poor or absent source control
  • Running services in the console (“Click Ops”)
  • Securing and maintaining the code and applications that run on these myriad services, if running a cloud-based workload
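
Several of the pitfalls above (the default security group, and Remote Desktop, Secure Shell, and database services left open to the internet) can be checked mechanically. The following Python is an added example, not code from this post or from Castlerock; it audits constructed data in the shape of `aws ec2 describe-security-groups` output. The database port set and the rule that a default group should carry no ingress rules are assumptions of the example.

```python
import ipaddress

# Ports for the services the list names; the database ports are an assumed sample set.
SENSITIVE_PORTS = {22: "Secure Shell", 3389: "Remote Desktop",
                   1433: "Database (SQL Server)", 3306: "Database (MySQL)",
                   5432: "Database (PostgreSQL)"}

def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_security_groups(groups):
    """Return sorted (group_id, finding) tuples for internet-exposed ingress rules."""
    findings = set()
    for group in groups:
        gid = group["GroupId"]
        # Assumed policy: the default group should carry no ingress rules at all.
        if group.get("GroupName") == "default" and group.get("IpPermissions"):
            findings.add((gid, "default security group carries ingress rules"))
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(is_world_open(c) for c in cidrs):
                continue
            if rule.get("IpProtocol") == "-1":  # all protocols, all ports
                findings.add((gid, "all traffic open to the internet"))
                continue
            if rule.get("IpProtocol") not in ("tcp", "6"):
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:  # a wide range can expose a port nobody intended
                    findings.add((gid, f"{name} port {port} open to the internet"))
    return sorted(findings)

# Constructed sample data, not taken from any real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example2", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0example3", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3400, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for gid, finding in audit_security_groups(SAMPLE_GROUPS):
        print(f"{gid}: {finding}")
```

The third sample group shows why port ranges matter: a rule written for ports 3000-3400 exposes both MySQL and Remote Desktop even though neither is named in it.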

Castlerock’s team will build a solid foundation that people can operate, and free you up to run your business and concentrate on Cloud Customer Responsibility #6, where your technology team is likely the strongest.

As your partner, we empathize with the challenges of running cloud workloads, provide expertise where you need it, and maintain your team’s humanity. We tailor solutions to meet customer needs rather than trying to fit customers into a boxed-in solution. Are you ready to get started?