“Shared Fate”: The Model That Improves Cybersecurity for Customers and Cloud Platforms

Customers and cloud-based companies alike strive every day to secure their sensitive information as much as possible. But how can businesses and clients ensure that their precious online security is met? This is where the “shared fate” model comes into play.

We’ll go over the common model that is being used today in cloud computing, the essential things that you need to know about the shared fate model for cybersecurity, and how this model might pave the way for a new era of online safety.

What is all of this talk of shared responsibility and shared fate? What do these models refer to?

As you know, we have fully embraced the digital age and the transition towards being dependent on cloud computing services such as Amazon Web Services, Google Cloud, Salesforce, and more. As these partly or fully in the cloud environments are becoming increasingly common, we’re left with the issue of responsibility.

When software is purely on-premise, the company using it is primarily responsible for the security of its servers, storage, and data. But with hybrid or fully online platforms, is the company using the software or the company that is hosting the data responsible for its security?

The most common model in use today is shared responsibility, which determines the responsibilities between cloud service providers (CSPs) and their customers. This typically means that customers will deal with configurations and identity and access management, among other things, while the CSP manages the security of their physical servers, layers of operating systems, etc.

On the other hand, shared fate is a model that has been pioneered by Google since 2016, which could be the next step in providing more cybersecurity. In basic terms, it works to provide more security to customers, and thus promotes the security that the CSP provides.

According to Google Cloud representatives, “shared fate is about preparing a secure landing zone for a customer, guiding them while there, being clear and transparent about the security controls they can configure, offering guardrails, and helping them with cyber-insurance.”

Concretely, this would include elements such as:

• Secure-by-default configurations ensure that customers start with a high level of security from the beginning.
• Secure blueprints. Recommended secure-by-default configurations, with configuration code for a secure cloud environment.
• Secure policy hierarchies with automatic configurations for the whole hierarchy for less work in lower-level security settings.
• Consistent availability of advanced security features
• Availability of security solutions for the overall cloud experience
• High assurance attestation of controls. Offering independent reviews of cloud services through compliance certifications, auditing content, and other security actions.
• Insurance partnerships. That can provide specialized insurance for Google Cloud workloads that reduce security risk.

Customers can’t eliminate all risks, and neither can customer service providers, but this could be the next step in the right direction for improved cybersecurity when using cloud computing!