Skip to main content
System Security Plans

Extending the Shared Responsibility Model

By May 19, 2021No Comments
Shared Responsibility Model

Explore how the extended shared responsibility model can help you

The Shared Responsibility Model was a great option when businesses first started using the odd cloud component. This model ensures that both parties, the cloud service provider and the user (or organisation), have shared accountability. They are both responsible for different security aspects and must work together to ensure that the data is fully protected.

Nowadays, however, organisations use whole modern cloud applications that are much more complex. It becomes increasingly challenging to keep to this them and us approach, where cloud service providers and their customers function as individuals rather than a whole system. Today, everyone in a business needs to understand how to manage a cloud service and its assurance stack. Assuming that the cloud service’s foundation is safe, such as the Microsoft or ASW system, can no longer be justified in today’s world of countless data breaches. So it becomes essential to think about the process as our whole business system.

At Canda, we suggest you take the Shared Responsibility Model further and add the As a Service Model and Zero Trust thinking to enhance how you think about your cloud service and ensure that everyone in your organisation understands its importance.

Here is our model explained simply:

  • We use the simple As a Service Model as the basis and add the layer of governance at the top, as overall organisational management will always bear the highest responsibility.
  • The Shared Responsibility Model is still integrated by dividing the layers into two halves.
  • The Zero Trust part adds additional services, such as double authentication, to ensure that the data is fully protected.
  • Additional ICAM service, or Identity, Credential, and Access Management should be determined to control access to the organisation’s data.

At Canda, we believe that this model is more complex and considers all parts of a cloud service while still not being overly complicated! It can be used within a range of different businesses and occupations to ensure that accountability is shared and everyone, both in the organisation and the cloud service provider, understands their responsibility.

Get in touch with us for our template to create your own extended Shared Responsibility Model and ensure that your cloud service functions to its full potential!

If you have more questions about this new model or have security issues within your organisation’s cloud service system that you are struggling to solve, contact our team at Canda, who can help solve your cybersecurity concerns.