Shared Responsibility: A Quick Overview

What is Shared Responsibility?

Shared responsibility is a model where you as a business don’t have full responsibility for all your data, your systems, your infrastructure, and so on. The shared responsibility model is a security design principle which acknowledges that businesses don’t usually operate in isolation when it comes to information.

Instead, they use and rely upon many external systems and processes, which could impact how you and your business store data, how that data is processed, and what laws or regulations you comply with.

Therefore, as a business, you need to make sure that everyone is aware of who has responsibility for information security. For example, who in the business has access to confidential information such as payroll or company contracts? Who can create user accounts on servers, computers or cloud-based systems? Who is patching machines, and who is managing and monitoring antivirus and firewall logs?

How this is performed will depend upon the size of your business. Small and micro businesses may have one person who is managing all of this, but larger businesses should have teams or groups of people who are responsible for various aspects of information security and who know who is responsible for what.

This is especially true now that almost all businesses rely on some form of cloud-based platform. The cloud systems that you use in the business will have a certain responsibility for the protection of your data and systems, depending upon what you are using them for.

For example, if you are using Infrastructure as a Service, you will need to know who is responsible for ensuring that security patching, backups, antivirus, potentially the creation of user accounts and so forth are being performed correctly. Which areas is the cloud vendor responsible for? And which areas is the business responsible for?

When we talk about cloud-based shared responsibility, there is a specific “Cloud security shared responsibility” model available, and the NCSC have a great article which covers it in more detail.

Cloud Responsibility Model

The shared responsibility model plays an important part when it comes to the Cyber Essentials certification, as you must be aware of who has access to your information and how your systems are protected against possible cyber-attacks.

By ensuring you know who is responsible for what within the business and your external systems, you can be safe in the knowledge that you know who has access to what data and what systems.