Chapter 7. Shared Responsibilities

In the past, an application or workload might have resided on just one or two technology platforms. The data might have resided in a relational database on a mainframe and the application server on a mid-range server. With the move to a hybrid cloud strategy by many organizations, the complexity has increased with the freedom to use on-premises, many different cloud providers, cloud service models, technology platforms, and cloud native compute options.

The simplified perimeter view with a hard boundary depicted in the system context diagram in Figure 5-6 from Chapter 5 is no longer enough. When using zero trust principles, there is no security boundary due to the removal of internal implicit trust, and identity becomes the new perimeter. With the workload hosted on many different technology platforms, we need a way of visually describing these different platforms that makes it easy to discuss and communicate the different options.

Each technology platform can have a different set of shared responsibilities in a hybrid cloud environment. The organization handling the data retains accountability even though the cloud service providers have the responsibility for securing the platform. Without a clear set of responsibilities, there won’t be an owner to provide security to the cloud platform. We need a clear way of representing these shared responsibilities that enables decomposition down to detailed roles and responsibilities.

Each platform also ...