Module Question 7
- Explain the “Shared Responsibility Model.” What is the cloud provider responsible for, and what is the business (customer) responsible for?
- What is a cloud misconfiguration, and can you provide an example (e.g., a public S3 bucket)?
- Why are Identity and Access Management (IAM) policies so critical in a cloud environment?
Status: 100% sudah tercapai
Keterangan: Saya sudah mengerjakan essay ini dengan baik dan benar
Bukti:
-
The Shared Responsibility Model explains how security responsibilities are divided between a cloud provider and the customer (business). Both sides play a role in keeping systems and data secure.
Cloud Provider Responsibilities (Security of the Cloud):
- Protecting physical data centers (buildings, hardware, networks)
- Maintaining core infrastructure (servers, storage, networking)
- Ensuring the cloud platform is secure and available
Customer Responsibilities (Security in the Cloud):
- Managing and protecting their data
- Setting strong access controls (users, passwords, permissions)
- Securing applications and configurations
- Keeping software updated and properly configured
-
A cloud misconfiguration happens when cloud resources are set up incorrectly, creating security gaps that can expose data or systems.
This usually occurs due to human error, such as leaving settings too open or not applying proper security controls.
Example: Public S3 Bucket
An Amazon S3 bucket is meant to store files securely, but if it is accidentally set to “public,” anyone on the internet can access its contents.- Sensitive data (like customer info) can be exposed
- No authentication is required to view or download files
- It can lead to serious data breaches
-
Identity and Access Management (IAM) policies are critical in a cloud environment because they control who can access what resources and what actions they can perform.
- Control access: Ensure only authorized users can access specific systems or data.
- Prevent misuse: Limit permissions so users only have what they need (least privilege).
- Protect sensitive data: Reduce the risk of data leaks or unauthorized changes.
- Improve accountability: Track who did what, making it easier to audit and investigate.
- Reduce attack impact: Even if an account is compromised, limited permissions minimize damage.
