Managing people, processes and technology is at the core of cloud security, and in order to manage your cloud security, organizations need to put in place policies to protect data and applications in the cloud. AWS gives organizations the control they need to do this. While AWS’s network of data centers and network services are designed and stringently managed in line with compliance needs to protect the cloud itself, the onus to secure applications, identity, access, operating systems, etc., is on the organizations itself. In other words, AWS takes the responsibility to maintain security of the cloud itself, but within in the cloud, the responsibility belongs to the client.
AWS describes this ‘shared responsibility model’. By providing the necessary security and compliances, AWS protects your information assets and workloads. By enabling customers to automate manual security tasks, AWS frees them to focus their efforts on core business matters.