In a cloud-native environment, the Shared Responsibility Model divides security duties between the cloud service provider (CSP) and the customer, and that division applies to application code as much as to infrastructure. The model states that the CSP is responsible for the security *of* the cloud, while the customer is responsible for security *in* the cloud.
This model applies directly to code security as follows:
CSP Responsibility (Security of the Cloud): The CSP is responsible for the security of the underlying infrastructure on which the customer's code runs. This includes the physical data centers, servers, storage, networking hardware, and the virtualization layer. The higher up the stack a service is managed, the more the CSP takes on: for a managed service like AWS Lambda, the CSP also patches the underlying operating system and secures the serverless execution environment itself, so the customer never sees or maintains that host.
Customer Responsibility (Security in the Cloud): The customer is solely responsible for the security of their own code. This includes finding and fixing vulnerabilities in the application code, configuring identity and access control for the workload and the resources it calls, and protecting sensitive data and secrets. The responsibility extends to everything the code pulls in: open-source components, third-party libraries, and the APIs it consumes, since a vulnerable dependency runs with the same privileges as the customer's own code. Security tools such as Static Application Security Testing (SAST), which scans the customer's source, and Software Composition Analysis (SCA), which inventories dependencies and matches them against known advisories, therefore fall squarely under the customer's purview; no CSP control will run them for you.
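To make the customer-side SCA duty concrete, here is an added example that is not part of the original post: a minimal dependency audit of the kind SCA tooling automates. It parses a pinned `requirements.txt`-style manifest, matches each pin against an advisory feed using a version range, and also flags unpinned dependencies, because a range such as `>=1.0` cannot be audited at all. The manifest contents, package names (`examplelib`, `widgetkit`, `jsonhelper`) and advisory identifiers (`EXAMPLE-0001`, `EXAMPLE-0002`) are constructed for illustration and do not refer to any real project or vulnerability.

```python
"""
Added example (not from the original post): a minimal SCA-style audit that the
customer runs over their own dependency manifest. Package names, versions and
advisory identifiers are constructed placeholders, not real advisories.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Advisory:
    """Affected range is introduced_in <= version < fixed_in (constructed data)."""
    package: str
    introduced_in: str
    fixed_in: str
    advisory_id: str


# Constructed advisory feed (hypothetical packages and IDs).
ADVISORIES: List[Advisory] = [
    Advisory("examplelib", introduced_in="2.0.0", fixed_in="2.3.1", advisory_id="EXAMPLE-0001"),
    Advisory("widgetkit", introduced_in="0.1.0", fixed_in="0.9.0", advisory_id="EXAMPLE-0002"),
]

# Constructed manifest in requirements.txt style.
MANIFEST = """
# application dependencies (constructed sample)
examplelib==2.2.0   # inside EXAMPLE-0001 range
widgetkit==1.1.0    # already past the fix for EXAMPLE-0002
jsonhelper==4.0.1   # no advisory
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so tuple comparison orders versions numerically."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({package: pinned_version}, [lines that are not exact pins])."""
    pins: Dict[str, str] = {}
    unpinned: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if "==" not in line:
            unpinned.append(line)  # '>=' / '~=' / bare name cannot be audited
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins, unpinned


def find_vulnerable(pins: Dict[str, str], advisories: List[Advisory]) -> List[Tuple[str, str, str, str]]:
    """Return (package, pinned_version, advisory_id, fixed_in) for each affected pin."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is None:
            continue
        v = parse_version(pinned)
        if parse_version(adv.introduced_in) <= v < parse_version(adv.fixed_in):
            findings.append((adv.package, pinned, adv.advisory_id, adv.fixed_in))
    return findings


def audit(text: str, advisories: List[Advisory] = ADVISORIES) -> Dict[str, list]:
    """Full audit: vulnerable pins plus dependencies that could not be assessed."""
    pins, unpinned = parse_manifest(text)
    return {"vulnerable": find_vulnerable(pins, advisories), "unpinned": unpinned}


if __name__ == "__main__":
    result = audit(MANIFEST)
    for package, version, adv_id, fixed in result["vulnerable"]:
        print(f"{package}=={version} affected by {adv_id}; upgrade to >= {fixed}")
    for line in result["unpinned"]:
        print(f"cannot audit unpinned dependency: {line}")
    # A CI gate would exit non-zero here if either list is non-empty.
```

The design choice worth noting is that an unpinned dependency is reported as a finding rather than silently skipped: a manifest that resolves to a different version on every build gives the customer no stable inventory to audit, which defeats the point of SCA. Real tooling uses a full PEP 440 comparator and a maintained advisory feed; the simple dotted-integer comparison here is enough for the constructed data.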
By understanding this division, a customer can build a security program that concentrates effort on their own responsibilities, such as code review, dependency management, access control, and secrets handling, while relying on the controls the CSP already provides at the infrastructure layer to build a more resilient application.