Show Notes
Cloud Computing Fundamentals - What is the shared responsibility model.
Website: https://www.globaltech.tv/
Social networks: https://linktr.ee/globaltechtv
View Full Transcript
Episode Transcript
[00:00:02] Speaker A: Hello everyone and welcome back to the global tech tv podcast. And in the previous chapter we explained about cloud services, what they are. We mentioned the Iaas, Paas and SaaS model. So yal, can you please explain what is the shared responsibility model and how it is relevant to the cloud service models?
[00:00:24] Speaker B: Yeah, sure. Okay, so the shared responsibility model is one of the fundamental concepts for any organization using the cloud. It tried to draw a line of responsibility between the cloud service provider and the customer or the organization using cloud services. In traditional data center, organization were responsible for everything. Organization may have owned the data center itself.
They were responsible for the physical security, the power, cooling and ventilation.
Organization had to make sure that every component is redundant in case of failure inside a data center. The organization had to purchase and maintain virtual servers, network storage and equipment, and many more things related to data center activities inside each server, deploy the operating system and configure application, and had to perform take care of backup resiliency, software security patches, protect network access to the servers and many more other settings.
[00:01:32] Speaker A: Okay, so let's start again with the IaaS model.
[00:01:37] Speaker B: Okay. When we're using infrastructure as a service or the IaaS, the cloud service provider is responsible for all layers below the operating system. The cloud service had to build and maintain data center in multiple region or geographic locations, making sure only a small number of employees can actually physically access the data center.
In today's world, cloud service provider built specially customized hardware to rack thousands of servers in a very efficient power and cooling consumption.
The cloud service provider deploys network equipment and storage, allowing his customer to virtually unlimited number of resources. And from a customer point of view, customer can select the required type of virtual hardware, meaning amount of cpu and memory, and the operating system from a predefined list. Once a guest operating system is deployed, the cloud service provider has no access to the content of the operating system and the customer is fully responsible for the maintenance of the operating system, the backup, the system configuration, social deployment inside it and the data stored in the cloud.
[00:02:54] Speaker A: So it's really changing how things works really and the responsibility of each team. And let's move to the PaaS.
[00:03:05] Speaker B: So in platform as a service or PaaS, the cloud service provider is responsible for all layers mentioned in the infrastructure as a service, including the operating system. And in many cases, the cloud service provider is responsible for the software and system configuration of upper layers such as deployment, maintenance and resiliency of managed databases. And this is just an example of a PaaS service from a customer point of view. Depending on the past service itself. There are cases where the customer can control network settings, such as who can access the managed service over the network. For example, can I use it for my on prem or only for my private network?
Sometimes customers can control system configuration and in most cases customers are responsible for storing their data in the cloud and control the permission for the managed services.
[00:04:00] Speaker A: And finally, let's go to the SaaS model.
[00:04:04] Speaker B: So in the software as a service or SaaS model, the cloud service provider gives customers a fully managed service end to end.
The cloud service provider makes sure that the service is highly resilient, secured and well performed.
When using one of the major SaaS solutions, customer has the options to choose the region or geographic location of the data stored inside the SaaS service and which users, usually from the organization or from the customer side, can actually access the data stored in the cloud.
And if you're already mentioning the entire shared responsibility model, there are two distinction I want to talk about. The first is the way Amazon is look. AWS services are looking at the shared responsibility model from their point of view. Other than the Iss and paas, they have two distinction. The first one is security of the cloud, meaning securing all infrastructure, hardware and software that is under the responsibility of AWS. And it has security in the cloud, meaning AWS offers customers multiple mechanisms to control the workloads from encryption, auditing, network access control, list authentication, authorization, and the customers are responsible for choosing which mechanism or which security controls to use and whether to implement them or nothing. So this is the AWS point of view. Another point of view is the Google point of view. Google Cloud. So Google Cloud platform, they looking at the shared responsibility model and they extend it to their own term that is called shared faith, which means both the cloud provider, in this case Google and its customers, are responsible for improving the security of the platform itself. And usually they are doing so by publishing blueprints of predefined configuration settings so that the customers can use it in order to leverage the cloud capabilities and make it more secure and more in a standard way.
[00:06:16] Speaker A: Great. So cloud computing is really changing how we work with the it and again, the responsibility that we have. So in this chapter we talk a lot about shared responsibility model and how it really impacts our responsibility as customers using the cloud. And again, it's one of the most important thing before you start using cloud. And in the next chapter we will talk about the cloud physical infrastructure.
And again, as always, you are welcome to follow us. Please follow us. In global tech tv, we are in most of the social medias that you can imagine is Twitter, LinkedIn, Facebook, Instagram and all the other ones, YouTube, of course. And again, feel free to write to us, ask questions, suggest future topics we will have to discuss with you in every platform available. So, Eyal, thank you very much. Thank you to all the listeners. And until the next one, bye.
