A development team is deploying container-based services in a hosted environment. The team meets with the vendor to clarify tasks such as data encryption, patching, and legal requirements. Which approach clarifies the distinction between vendor-managed tasks and subscriber-managed tasks for protecting the services?
Defining in writing who handles duty for infrastructure, software updates, and data controls
Implementing an architecture update and referencing the vendor's operational guidelines
Collaborating with the vendor to address security concerns for the environment
Using vendor scanning services as part of security measures
An agreement that identifies provider and subscriber responsibilities is the most effective way to define who handles tasks like patching, encryption, and monitoring. Simply referencing guidelines when making updates does not ensure there is a clear division of roles. Relying on the vendor’s scanning services can be part of a security approach, yet it does not address the overall separation of duties. Collaborating with the vendor adds value, but it should also detail specific obligations that each party will manage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the significance of defining responsibilities in writing for vendor and subscriber tasks?
Open an interactive chat with Bash
What is a Shared Responsibility Model in cloud security?
Open an interactive chat with Bash
Why is relying solely on vendor scanning services not sufficient for security?