Shared Security Responsibility Model
Security and Compliance is a shared responsibility between AWS and the customer. When
customers move their computer systems and data to the cloud, security responsibilities are
shared between the customer and the cloud service provider. When customers move to the AWS Cloud,
AWS is responsible for protecting the global infrastructure that runs all of the
services offered in the AWS Cloud. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS is also responsible for the security of the operating system and platform.
Customers and APN Partners, acting either as data controllers or data processors, are
responsible for anything they put in the cloud or connect to the cloud. This differentiation
of responsibility is commonly referred to as security of
the cloud versus security in the cloud. This shared model
can help reduce customers’ operational burden, and provide them with the necessary flexibility
and control to deploy their infrastructure in the AWS Cloud. For more information, see the
AWS Shared Responsibility Model.
The GDPR does not change the AWS shared responsibility model, which continues to be relevant for customers and APN Partners who are focused on using cloud computing services. The shared responsibility model is a useful approach to illustrate the different responsibilities of AWS (as a data processor or sub-processor) and customers or APN Partners (as either data controllers or data processors) under the GDPR.