UprootSecurity

Phase 1 · Cloud Fundamentals + Shared Responsibility · Lesson 4 of 4

Who Is Responsible? 12 Cloud Security Tasks

Exercise · 15 min · +15 pts

For each security task, determine who is responsible. Unless stated otherwise, assume a standard IaaS deployment (e.g., EC2 instances running your application).

The rule to remember

The cloud provider is responsible for security OF the cloud. You are responsible for security IN the cloud. Some tasks are shared — the provider gives you the capability, but you must enable and configure it.

Infrastructure and hardware

Task 1: Physical access control to the data center

Task 2: Hypervisor security and isolation between tenants

Task 3: Ensuring disk hardware does not fail

Task 4: Network firewall between availability zones

Identity and access

Task 5: Enabling MFA on IAM root and user accounts

Task 6: Configuring VPC security group rules

Task 7: Rotating IAM access keys on a 90-day schedule

Data and encryption

Task 8: Configuring S3 bucket policies to prevent public access

Task 9: Encrypting data at rest in an RDS database

Compute and patching

Task 10: Patching the operating system on an EC2 instance

Task 11: Patching the database engine on a managed RDS instance

Task 12: Patching a Lambda function's runtime dependencies

Who Is Responsible? 12 Cloud Security Tasks — UprootSecurity Bootcamp