The Cloud Shared Responsibility Model

Under the shared responsibility model, public cloud customer have specific responsibilities to ensure security and compliance.

What Makes The Cloud Secure and Compliant?

Many public cloud platforms can be configured to achieve cybersecurity and meet regulatory standards. Specific safeguards must be addressed for managing and monitoring security compliance in AWS and the cloud.

Administrative Safeguards

Written policies and procedures, staff training, contingency planning, monitoring and policy review

Technical Safeguards

Security controls including encryption, data integrity, authentication, backup/failover, auditing and logging

Physical Safeguards

Security standards related to physical servers, media and employee access to production systems

Cloud Compliance: A Joint Effort

Compliance with regulatory standards and cybersecurity frameworks such as HIPAA /HITECH, SOC 2, GRPR, and PCI DSS are joint effort between cloud providers and your organization. It is a constant process of review, monitoring, and maintaining security standards. Public cloud providers such as Amazon Web Services (AWS) typically provide a Business Associates Agreement (BAA) that dictates specific security standards managed by the provider or required by your organization. These agreements outline cloud service configuration and layout technical and physical safeguards.

It is the responsibility of your organization to properly configure your cloud environment, create organizational policies, and develop applications that meet relevant compliance standards.

aws hipaa compliance
microsoft azure

The Shared Responsibility Model


Unpacking the requirements for maintaining compliance in the public cloud

Cloud Provider Responsibilities

Cloud platforms are responsible for security and compliance
OF the Cloud.

  • Physical Access Controls
  • Data Access and Disposal
  • Internal Networking
  • Specific Security Agreements such as BAAs

Cloud Provider Responsibilities

Your Responsibilities

Your organization is responsible for security and compliance
IN the cloud.

  • Staff and Organizational Policies
  • Backup and Disaster Recovery
  • Service Availability and Failover
  • Auditing and Logging
  • Firewall Configuration
  • Data Storage and Encryption
  • Policies

Your Responsibilities

Achieve Compliance In The Cloud

Dash ComplyOps enables teams to build and manage a robust security and compliance program in Amazon Web Services (AWS) and the public cloud. Dash helps your team to manage all security responsibilities your team are required to handle under the of the Shared Responsibility Model and provides baseline security programs for achieving compliance with HIPAA/HITECH, SOC 2, and HITRUST CSF

  • Create custom cloud security policies
  • Enforce policies and technical standards with cloud monitoring
  • Achieve and maintain compliance with HIPAA, SOC 2, and HITRUST

Ready To Automate Compliance In The Cloud?

See how teams manage cloud compliance program with the Dash ComplyOps Platform.

AWS Partner Healthcare Competency