Exploring the Impact of Shared Responsibility Models on Cloud Security Posture and Vulnerability Management
Cristina Reyes
Department of Computer Science, University of the Cordilleras, Harrison Road, Baguio City, 2600, Benguet, Philippines.
Clarisse Mendoza
Department of Computer Science, Nueva Ecija Technological University, Burgos Avenue, Cabanatuan City, 3100, Nueva Ecija, Philippines.
Abstract
This paper investigates the impact of the shared responsibility model on cloud security posture and vulnerability management. The shared responsibility model divides security roles between cloud service providers and customers, with providers securing the cloud infrastructure and customers responsible for securing their data, applications, and access controls. Misunderstanding or neglecting these responsibilities can lead to significant vulnerabilities, exposing organizations to security risks such as data breaches, unauthorized access, and regulatory non-compliance. The study examines the different responsibilities in Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) models, highlighting how organizations can effectively manage their security posture within each model. Key practices, such as encryption, identity and access management (IAM), vulnerability scanning, and patch management, are analyzed to provide insights into best practices for maintaining a secure cloud environment. Additionally, the paper explores how automation tools and cloud provider services can assist in vulnerability management, enabling organizations to maintain a proactive security stance. By understanding the nuances of the shared responsibility model and employing best practices, organizations can significantly reduce the risk of cloud vulnerabilities. The findings underscore the importance of continuous monitoring, automated security controls, and clear communication between cloud providers and customers to ensure a secure and resilient cloud infrastructure.