1
00:00:06,640 --> 00:00:09,087
- Cloud service providers like Azure and AWS

2
00:00:09,950 --> 00:00:13,820
and Google Labs platform have no choice

3
00:00:13,820 --> 00:00:15,370
but to take their security

4
00:00:15,370 --> 00:00:18,480
and compliance responsibilities very seriously.

5
00:00:18,480 --> 00:00:22,670
For example, Amazon created a shared responsibility model

6
00:00:22,670 --> 00:00:24,660
that is actually used to describe

7
00:00:24,660 --> 00:00:28,900
what are the responsibilities of the AWS customers

8
00:00:28,900 --> 00:00:31,190
and Amazon responsibilities in detail.

9
00:00:31,190 --> 00:00:34,860
And you can access the Amazon shared responsibility model

10
00:00:34,860 --> 00:00:37,790
from the link that I'm highlighting in the screen.

11
00:00:37,790 --> 00:00:39,300
Now, the shared responsibility

12
00:00:39,300 --> 00:00:41,540
depends on the type of cloud model.

13
00:00:41,540 --> 00:00:44,820
Whether you actually have software as a service,

14
00:00:44,820 --> 00:00:48,730
platform as a service, or infrastructure as a service.

15
00:00:48,730 --> 00:00:51,500
So starting with software as a service,

16
00:00:51,500 --> 00:00:55,280
the customer responsibility is basically people and data

17
00:00:55,280 --> 00:00:58,050
and then the cloud service provider responsibility

18
00:00:59,290 --> 00:01:00,500
includes from the physical network,

19
00:01:00,500 --> 00:01:02,093
all the way to the application.

20
00:01:03,080 --> 00:01:05,820
Now here, I'm showing the responsibility

21
00:01:05,820 --> 00:01:09,140
of a platform as a service environment

22
00:01:09,140 --> 00:01:11,230
on where the customer responsibility

23
00:01:11,230 --> 00:01:13,109
or the consumer responsibility is people, data

24
00:01:13,109 --> 00:01:16,500
and applications is basically you're developing applications

25
00:01:16,500 --> 00:01:19,730
on top of their infrastructure and their platform.

26
00:01:19,730 --> 00:01:21,930
And then the cloud provider responsibility

27
00:01:21,930 --> 00:01:23,530
includes from the physical network,

28
00:01:23,530 --> 00:01:26,720
all the way to the actual runtime,

29
00:01:26,720 --> 00:01:29,090
including things like middleware, the operating system,

30
00:01:29,090 --> 00:01:31,890
virtual network, hypervisor, the actual servers

31
00:01:31,890 --> 00:01:33,483
and the overall infrastructure.

32
00:01:34,330 --> 00:01:37,170
And then finally, I'm showing the infrastructure

33
00:01:37,170 --> 00:01:39,450
as a service responsibility model

34
00:01:39,450 --> 00:01:43,470
and where now you are running virtual networks

35
00:01:43,470 --> 00:01:46,380
and VMs and containers and basically

36
00:01:46,380 --> 00:01:49,010
the cloud service provider responsibility is

37
00:01:49,010 --> 00:01:51,910
the hypervisor, the servers, the storage,

38
00:01:51,910 --> 00:01:54,130
the physical and underlying network.

39
00:01:54,130 --> 00:01:56,842
And then the customer responsibility includes

40
00:01:56,842 --> 00:01:58,951
from people, data, applications, the runtime,

41
00:01:58,951 --> 00:02:03,547
the middleware, operating systems, the virtual networks

42
00:02:03,547 --> 00:02:07,130
and the virtual appliances that are running

43
00:02:07,130 --> 00:02:08,950
in those environments.

44
00:02:08,950 --> 00:02:10,650
Patch management in the cloud

45
00:02:10,650 --> 00:02:13,070
is also a shared responsibility

46
00:02:13,070 --> 00:02:15,410
in infrastructure as a service

47
00:02:15,410 --> 00:02:17,900
and platform as a service environments.

48
00:02:17,900 --> 00:02:19,500
In SaaS environments,

49
00:02:19,500 --> 00:02:21,500
or the Software As A Service environments,

50
00:02:21,500 --> 00:02:23,690
basically the cloud service provider

51
00:02:23,690 --> 00:02:27,770
is the one responsible for patching all software

52
00:02:27,770 --> 00:02:29,900
and all hardware vulnerabilities.

53
00:02:29,900 --> 00:02:33,470
However, in infrastructure as a service environment,

54
00:02:33,470 --> 00:02:35,292
the cloud service provider is responsible

55
00:02:35,292 --> 00:02:38,550
for only patching the hypervisors

56
00:02:38,550 --> 00:02:41,930
and also the physical compute and storage servers, right?

57
00:02:41,930 --> 00:02:44,760
Including physical network and so on.

58
00:02:44,760 --> 00:02:48,220
You are the one responsible for patching the applications,

59
00:02:48,220 --> 00:02:50,830
the VMs and the operating systems running

60
00:02:50,830 --> 00:02:55,230
on top of those VMs and of course, your containers, as well.

61
00:02:55,230 --> 00:02:57,680
And if you deployed any virtual networks,

62
00:02:57,680 --> 00:03:01,340
you also are liable for patching

63
00:03:01,340 --> 00:03:03,870
and making sure that those virtual networks

64
00:03:03,870 --> 00:03:05,883
are deployed in a secure manner.