Security and Compliance for cloud services is a shared responsibility. Trusted security in the cloud is achieved through the partnership of shared responsibilities between customers, VMware, and Amazon Web Services. This matrix of responsibility ensures a higher security model and eliminates single points of failure. Sharing the burden of responsibility for security can reduce the day-to-day operational burden on the customer for the physical and virtualized layers that form the underpinning of the applications and services required by the customer.
The following diagram illustrates the high-level architecture for VMware Cloud Services and the associated security responsibilities for both VMware and cloud tenants.
Depending on the particular cloud service offering, either Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, or IBM Softlayer delivers the underlying infrastructure. VMware provides its software services for the customer that sits on top of the physical layer, and must provide security for the components that it manages. So as illustrated, there are altogether three parties that together share responsibility for security – the IaaS Provider from a physical global infrastructure standpoint, VMware from a service standpoint, and finally customers who run the service.
All three groups share responsibility within the overall security landscape for services run on VMware Cloud Services.
- The IaaS Provider is responsible for security of the underlying physical infrastructure of the data center, across all regions and availability zones, as well as edge locations.
- VMware is responsible for ensuring all facets of security for the management layer above.
- Customers continue to own and operate the security and compliance of the actual workloads by extending their successful policies and controls to public cloud locations.
This shared responsibility model also extends to the controls environment of the customer. Customers are able to rely on AWS and VMware for IT controls related to the physical infrastructure and the control plane. And customers can leverage the AWS and VMware control and compliance documentation for their own control evaluation procedures.
The really good news in all of this is that you’re not solely responsible for the gamut of security anymore, like it is in the on-prem world. As you work with us, you will find that it should reduce the burden of security and compliance. It is imperative however that every customer carefully evaluates the specifics of who is responsible for what, to ensure holistic security and compliance.
Visit security.vmware.com and learn how VMware delivers security in our products, solutions, across industries and the security controls implemented in various cloud services inlcuding VMware Cloud Services that run on Amazon Web Service (AWS) IaaS infrastructure.
Sandeep Poonen – Sr. Director, Cloud Services Security
Follow us on Twitter at @VMwareSecurity