What is the AWS Shared Responsibility Model?

Security and Compliance is a shared responsibility in the cloud between AWS and its customers: Amazon is responsible for “the security OF the cloud”, while the customer is responsible for “the security IN the cloud”.

Security of the Cloud – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and physical security at the facilities that run the AWS Cloud services.

Security in the Cloud – The customer's responsibility is determined by the AWS Cloud services that the customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Private Cloud (Amazon VPC), and Amazon S3 are categorized as Infrastructure as a Service (IaaS) and, as such, require the customer to perform all of the necessary security configuration and management tasks. If a customer deploys an Amazon EC2 instance, they are responsible for management of the guest operating system, including updates and security patches; any application software or utilities they install on the instance; and the configuration of the AWS-provided firewall, such as the security group on each instance.

This short animation succinctly drives the message home.

Containerize Or Go Serverless?

As enterprises look to move to the cloud, there are two alternatives to consider: go Serverless or use Containers. The choice depends on many factors, but chief among them is the answer to the question: are you building from scratch or porting over existing applications with minimal change?

Serverless makes it easy for developers to build greenfield applications without worrying about software licenses, scaling, infrastructure management and governance. With containers, by contrast, these problems from the on-premises world linger: instead of VMs, you have to manage containers. Given the momentum behind Serverless and the speed at which it allows functional requirements to be delivered without having to worry as much about non-functional requirements (NFRs), Serverless is an attractive option.