What is the Shared Fate Model?

Question: What is the shared fate model and how does it differ from the shared responsibility model?

Nick Godfrey, Director of the Office of the CISO, Google Cloud: Shared responsibility is a framework as old as cloud technology, designed to delineate security and privacy responsibilities between cloud service providers (CSPs) and their customers. For example, the CSP would be responsible for the physical environments that support the cloud, while the customer would be responsible for identity and access management. The problem with this model is that these rigid boundaries lead to security gaps if either party fails to fulfill its role effectively.

Ultimately, if an organization has a security problem related to their operational responsibilities as part of the shared responsibility model, it is also a problem for cloud providers. Today’s security landscape is more complex than ever before; new AI-driven threats, a growing talent shortage, and increasing regulatory pressure are requiring CSPs to move beyond the narrow shared responsibility framework and support a more resilient model – we call it “shared destiny.”

The shared fate model is centered on the customer’s needs, with the CSP leveraging its expertise to play an active role in the customer’s security. This model provides enhanced support for organizations in three key ways:

  1. Improved collaboration: This model fosters a partnership where both the cloud provider and the customer work together to ensure a secure environment. Providers not only delineate responsibilities but also actively support the customer’s security posture. This results in a more integrated and supportive approach to managing risk.

  2. Actionable steps and guidelines: Through frameworks and best practices, providers can establish actionable steps and guidelines to help customers achieve policy, regulatory, and business objectives. This includes resources for securing data, controlling access, and protecting against threats. By providing customers with tailored resources, advice, and support, the burden of implementing and managing complex security measures on their own can be significantly reduced.

  3. Robust default settings for cloud services: The shared fate model suggests that a CSP focuses on delivering robust defaults for cloud services. This requires cloud providers to build products that are secure by design and default, and that help customers secure their environments, rather than adding to them.

The shift from a shared responsibility model to a shared fate model creates a more collaborative approach to security. Of course, there will always be some responsibility on the customer for their security, as no single cloud provider can claim responsibility for 100% of an organization’s security or activity in the cloud. The difference with shared fate is that with this approach, the cloud provider takes a significantly more active role in the customer’s security – to the point where, if something were to go wrong, the cloud provider would invest heavily and be able to better support the customer on that journey. By having cloud providers and customers work closely together, we create an environment that fosters a more integrated and overwhelmingly more secure landscape and a stronger cyber strategy.