
AWS’s Shared Responsibility Model at a Glance

Working with sensitive customer data is central to most contact centers, making privacy and security a top concern. Because Amazon Connect is a cloud contact center product, Amazon treats security and compliance as a shared matter between AWS and its customers, governed by a common policy called the Shared Responsibility Model.

Every AWS customer should review the Shared Responsibility Model in detail, because it varies for each AWS service, but the gist of it is captured in Amazon’s graphic below.

Shared Responsibility Model, retrieved from https://aws.amazon.com/compliance/shared-responsibility-model/

Generally speaking, AWS manages the security and compliance of its infrastructure, including the hardware and software that run AWS services in the cloud. Customers are expected to manage the security and compliance of whatever they host inside of the AWS service(s) they choose to run, including customer and client data, encryption, security patches, operating system, etc.

An easy way to remember this is that AWS is responsible for the security "of" the cloud, while the customer is responsible for security "in" the cloud.

The Shared Responsibility Model does differ by type of service, however. There are three service type categories: infrastructure services, container services, and abstract services. Let’s compare the three service type categories and how security and compliance ownership varies between them.

Infrastructure Services

An infrastructure service is a type of computing service where infrastructure that traditionally exists in an on-premises data center is hosted by a provider (in this case, AWS) in the cloud. Amazon Connect is an example of an AWS infrastructure service.

For infrastructure services, AWS is responsible for:

  • Foundation services (networking, storage, compute)
  • AWS global infrastructure
  • AWS Identity and Access Management
  • AWS API endpoints

For infrastructure services, the customer is responsible for:

  • Customer data
  • Customer applications
  • Operating system
  • Network and firewall
  • Customer Identity and Access Management
  • High availability
  • Scaling
  • Instance management
  • Data protection (in transit, at rest, and backup)

Container Services

A container service allows multiple applications to share resources while running on the same operating system. Amazon Relational Database Service (RDS) is an example of an AWS container service.

For container services, AWS is responsible for:

  • Foundational services (networking, storage, compute)
  • AWS global infrastructure
  • AWS Identity and Access Management
  • AWS API endpoints
  • Operating system
  • Platform/application

For container services, the customer is responsible for:

  • Customer data
  • Firewall (virtual private cloud)
  • Customer Identity and Access Management (database users, table permissions)
  • High availability/scaling
  • Data protection (in transit, at rest, and backup)

Abstract Services

An abstract service is a storage, database, or messaging service. Amazon Simple Storage Service (S3) and Amazon DynamoDB are examples of AWS abstract services.

For abstract services, AWS is responsible for:

  • Foundational services (networking, storage, compute)
  • AWS global infrastructure
  • AWS Identity and Access Management
  • AWS API endpoints
  • Operating system
  • Platform/application
  • Data protection (at rest – SSE, in transit)
  • High availability/scaling

For abstract services, the customer is responsible for:

  • Customer data
  • Data protection (at rest – CSE)

While AWS has highly stringent cloud security and compliance standards, always remember that security and compliance are shared between AWS and the customer. Check out AWS’s extensive Security Resources at https://aws.amazon.com/security/security-resources/ for more information.

About Perficient

As an Amazon Partner Network (APN) Advanced Consulting Partner, Perficient can help customers of all sizes design, architect, build, migrate, and manage their Amazon Connect contact center. Our deep expertise in contact center implementation and Amazon Web Services paired with our attention to customer care ensures you get the best end-to-end solutions, including everything from hands-on technical assistance to managing organizational change.


Alexandra Elledge

I'm a Senior Technical Writer and Trainer for Perficient's Amazon Connect Practice. Amazon Connect is a pay-as-you-go, cloud-based contact center service that’s part of the Amazon Web Services platform.
