Cloud shared security responsibility model/en: Difference between revisions

From Alliance Doc
Jump to navigation Jump to search
(Updating to match new version of source page)
(Updating to match new version of source page)
Line 6: Line 6:


==Research team responsibilities: Security in the cloud==
==Research team responsibilities: Security in the cloud==
Research teams are responsible for security controls to protect the confidentiality, integrity, and availability of their research data.  Each team is responsible for installing, configuring, and managing their virtual machines, as well as their operating systems, services and applications.  They must [[Security_considerations_when_running_a_VM#Updating_your_VM|apply updates]] and security patches on a timely basis.  They must configure security group rules that limit the services exposed to the Internet.  They must ensure backup and recovery procedures are implemented and tested.  They must ensure the [https://en.wikipedia.org/wiki/Principle_of_least_privilege principle of least privilege] is followed when granting access.
Research teams are responsible for
* implementing security controls to protect the confidentiality, integrity, and availability of their research data;
* installing, configuring, and managing their virtual machines, as well as their operating systems, services and applications;
* [[Security_considerations_when_running_a_VM#Updating_your_VM|applying updates]] and security patches on a timely basis;
* configuring security group rules that limit the services exposed to the Internet;
* implementing and testing backup and recovery procedures;
* ensuring the [https://en.wikipedia.org/wiki/Principle_of_least_privilege principle of least privilege] is followed when granting access.


==Cloud team responsibilities: Security of the cloud==
==Cloud team responsibilities: Security of the cloud==
Cloud teams are responsible for protecting our cloud platforms.  They are responsible for configuring and managing these compute, storage, database, and networking capabilities.  They must apply updates and security patches applicable to the cloud platform on a timely basis.  The environmental and physical security of the cloud infrastructure is also their responsibility.   
Cloud teams are responsible for
* protecting our cloud platforms;
* configuring and managing these compute, storage, database, and networking capabilities;
* applying updates and security patches applicable to the cloud platform on a timely basis;
* ensuring the environmental and physical security of the cloud infrastructure.   


Our cloud teams do not support or manage virtual machines.  However, if a virtual machine is adversely impacting others, it may be shut down and locked by a cloud team.  In these cases, the research team may be asked to provide remediation plans before access to the virtual machine is restored.  This is so that others are protected.
Our cloud teams do not support or manage virtual machines.  However, if a virtual machine is adversely impacting others, it may be shut down and locked by a cloud team.  In these cases, the research team may be asked to provide remediation plans before access to the virtual machine is restored.  This is so that others are protected.

Revision as of 18:44, 27 January 2023

Other languages:


Canada’s advanced research computing environment includes several cloud platforms for research. This document’s purpose is to describe the responsibilities of the cloud teams who administer our cloud platforms; the responsibilities of the many research teams who use these platforms; and shared responsibilities between both. Security in the cloud is the responsibility of our research teams. Security of the cloud is the responsibility of our our cloud teams.

Cloud shared security responsibility model (Click for larger image)

Research team responsibilities: Security in the cloud

Research teams are responsible for

  • implementing security controls to protect the confidentiality, integrity, and availability of their research data;
  • installing, configuring, and managing their virtual machines, as well as their operating systems, services and applications;
  • applying updates and security patches on a timely basis;
  • configuring security group rules that limit the services exposed to the Internet;
  • implementing and testing backup and recovery procedures;
  • ensuring the principle of least privilege is followed when granting access.

Cloud team responsibilities: Security of the cloud

Cloud teams are responsible for

  • protecting our cloud platforms;
  • configuring and managing these compute, storage, database, and networking capabilities;
  • applying updates and security patches applicable to the cloud platform on a timely basis;
  • ensuring the environmental and physical security of the cloud infrastructure.

Our cloud teams do not support or manage virtual machines. However, if a virtual machine is adversely impacting others, it may be shut down and locked by a cloud team. In these cases, the research team may be asked to provide remediation plans before access to the virtual machine is restored. This is so that others are protected.

Shared responsibilities

Compliance is a shared responsibility between our cloud teams and the research teams using our cloud services. Everyone is responsible to comply with applicable laws, policies, procedures, and contracts. Alliance Federation and institutional policy compliance is required, particularly with respect to the Terms of Use. Being good Net citizens will protect the reputation of our networks and prevent all of us from being blocked or banned.

If you have any questions about this model please contact cloud@tech.alliancecan.ca.

Further resources

For more information please see the following resources:

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Cloud_shared_security_responsibility_model/en&oldid=128219"