The Cloud Shared Responsibility Model
Under the shared responsibility model, public cloud customer have specific responsibilities to ensure security and compliance.
What Makes The Cloud Secure and Compliant?
Many public cloud platforms can be configured to achieve cybersecurity and meet regulatory standards. Specific safeguards must be addressed for managing and monitoring security compliance in AWS and the cloud.
Administrative Safeguards
Written policies and procedures, staff training, contingency planning, monitoring and policy review
Technical Safeguards
Security controls including encryption, data integrity, authentication, backup/failover, auditing and logging
Physical Safeguards
Security standards related to physical servers, media and employee access to production systems
Cloud Compliance: A Joint Effort
Compliance with regulatory standards and cybersecurity frameworks such as HIPAA /HITECH, SOC 2, GRPR, and PCI DSS are joint effort between cloud providers and your organization. It is a constant process of review, monitoring, and maintaining security standards. Public cloud providers such as Amazon Web Services (AWS) typically provide a Business Associates Agreement (BAA) that dictates specific security standards managed by the provider or required by your organization. These agreements outline cloud service configuration and layout technical and physical safeguards.
It is the responsibility of your organization to properly configure your cloud environment, create organizational policies, and develop applications that meet relevant compliance standards.
Learn how Dash ComplyOps helps organizations manage compliance responsibilities
The Shared Responsibility Model
Unpacking the requirements for maintaining compliance in the public cloud
Cloud Provider Responsibilities
Cloud platforms are responsible for security and compliance
OF the Cloud.
- Physical Access Controls
- Data Access and Disposal
- Internal Networking
- Specific Security Agreements such as BAAs
Your Responsibilities
Your organization is responsible for security and compliance
IN the cloud.
- Staff and Organizational Policies
- Backup and Disaster Recovery
- Service Availability and Failover
- Auditing and Logging
- Firewall Configuration
- Data Storage and Encryption
- Policies
Achieve Compliance In The Cloud
Dash ComplyOps enables teams to build and manage a robust security and compliance program in Amazon Web Services (AWS) and the public cloud. Dash helps your team to manage all security responsibilities your team are required to handle under the of the Shared Responsibility Model and provides baseline security programs for achieving compliance with HIPAA/HITECH, SOC 2, and HITRUST CSF.
- HIPAA/HITECH Compliance Experts
- Security Plans Tailored To Your Organization
- Compliance Built Around Your Cloud
- Amazon Web Services (AWS) Advanced Partner
Ready To Automate Compliance In The Cloud?
See how teams manage cloud compliance program with the Dash ComplyOps Platform.
