The cloud is an interesting paradigm that takes on multiple personas, depending on who you ask. For the purposes of this post, by the “cloud” I am referring to Infrastructure-as-a-Service (IaaS) public cloud providers, also referred to as Cloud Service Providers (CSPs). Presently, the IaaS market is experiencing the “highest growth rate” among all cloud services and is expected to “grow 24% year-over-year” for the next two years according to Gartner. This growth is largely driven by modern application development processes that require a more agile, elastic, scalable, and dynamic infrastructure than is typically found in on-premise data centers.

While application developers enjoy the tremendous agility and flexibility of the cloud, the Cisco 2020 CISO Benchmark Report shows that many organizations still cite public cloud infrastructure as a “top security challenge,” with 52% of respondents stating they view their cloud environment as “very or extremely challenging to secure.” Public cloud infrastructure has been around for more than a decade, so that begs the question: why are organizations still struggling with security in the cloud? Much of this is largely due to their understanding–or lack thereof–that securing the cloud is a shared responsibility between the customer and the cloud services provider.

Cloud services providers like AWS are unified, multi-tenant environments built on a shared infrastructure that supports millions of simultaneous customers worldwide. AWS utilizes a variety of security, operational management, and threat mitigation solutions focused on protecting the overall cloud infrastructure, hypervisors, services, and tenant environments.

While these strong security controls protect the cloud fabric and ensure optimal service availability, a defense-in-depth strategy for the cloud should also include protecting all workloads, assets, and data from exploits, malware, and other sophisticated attacks. To make matters worse, malware introduced into the cloud can easily propagate among VMs – attacking virtual segments, or even ride unimpeded over VPN links back to corporate networks.

To maximize their investment in cloud infrastructure, businesses need to understand their responsibility for security “in” the cloud. Protecting the cloud infrastructure is incumbent upon AWS while protecting the data, applications, and workloads that reside in the cloud is incumbent upon the business. This is what AWS refers to as the shared responsibility model. Migrating resources and data to AWS means security and compliance is a shared responsibility between AWS and the customer. As a result, organizations must have continuous visibility into application and infrastructure performance pre- and post-migration to the AWS cloud.

AWS Shared Responsibility Model
AWS Shared Responsibility Model

The AWS shared responsibility model helps relieve the customer’s operational burden, while providing the foundation for consistent policies and enforcement across hybrid infrastructures. Additionally, understanding the customer role versus the role of AWS helps organizations make optimal decisions concerning the security of their cloud environments. It also ensures that an organization’s cybersecurity strategy efficiently and cost-effectively aligns with the rest of the business goals, while delivering consistent protection for all corporate data both on-premises and in the cloud.

Cisco has collaborated with AWS to develop a portfolio of solutions that help accelerate customer adoption of AWS cloud services. These solutions are optimized to enhance the native segmentation and elastic networking of AWS to dynamically deliver highly scalable, advanced security and consistent policy enforcement while providing reliable and secure connectivity from customer premises to AWS. This enables organizations to maintain a consistent security posture for their entire network, both on-prem and on AWS, as well as demonstrate compliance with regulatory mandates.

Learn about the Cisco Secure Cloud Architecture for AWS and leverage the Secure Cloud for AWS – Cisco Validated Design Guide, which details the cloud services, critical business flows, and security controls for workload protection in the AWS three-tiered architecture.

Explore all the Cisco Security solutions to help accelerate your journey to the cloud while building a consistent security posture for your AWS environment, including:


Don Meyer

Director of Product Marketing

Cisco Security