Close this search box.

MSPs, AWS & Shopify: What Are Your Security Responsibilities


Having an AWS environment or using Shopify does not mean your business is cyber secure.

A lot of online businesses don’t think too much about their security. Someone else takes care of that, right? Unfortunately, that’s not quite the case. Whether your business uses a managed service provider (MSP), Shopify, AWS or another platform, you need to be aware that there are limitations to how much these providers can protect you and your business.

Most of these services do put a lot of effort into security. They have to, because if their clients were constantly being attacked, there would be a huge rush to their competitors. Trusted MSPs will have secure infrastructure, devices, computers and software in place, taking care of updates, patching, auditing and a number of other important aspects of your security.

No one denies that Shopify does a lot to keep client data secure. For example, it’s compliant with the Payment Card Industry Data Security Standard (PCI DSS) and equipped with firewalls to protect its systems. Its accounts come with free SSL certificates and they also offer vulnerability management and access control tools. On top of this, they have a bug bounty program which they use to seek out security flaws.

AWS takes its security seriously as well, providing strong “security of the Cloud”. This means that it takes care of security for the hardware, software, networking and other aspects of the Cloud service.

All of these services can be great, taking a lot off your plate when it comes to your security. But that doesn’t mean that they can keep you safe from all cyber attacks.

What Are Your Security Responsibilities?

To start with, you need to be aware that not all MSPs are created equal and some may not take your security as seriously as necessary. Do your research beforehand to make sure that you commit to a reliable provider.

An MSP will not be responsible for the security of your website or the security practices of your people. What many businesses fail to grasp is who is actually responsible for their security of their data. Having a provider issue new laptops to your employees is not going to prevent your website from suffering an SQL Injection attack and customer data being stolen. These potential security gaps are only identified by a deep security review or penetration tests – and MSPs just don’t do that kind of work.

Even if you are using the services of a trusted provider, there are still a number of ways that you can be attacked. Insider threats, such as disgruntled employees who already have access to your systems may decide to steal your data or bring down your business from the inside. If you have weak passwords, external attackers can brute-force their way in to exfiltrate data and commit other cybercrimes.

Likewise, despite Shopify’s many protections, it cannot stop insider threats or hackers from busting open weak passwords and trawling through your data. Depending on which cloud service a client uses, they may have significant security responsibilities. Amazon EC2, Amazon VPC and Amazon S3 each leave all of the security configurations and management tasks up to the client.

No matter how much of your operations you delegate to outside services, your online store will always have its own responsibilities when it comes to security. These may be as simple as employing good password management and reducing access privileges to only what’s necessary.

The important thing is to recognise what your responsibilities are, so that they don’t get neglected. The last thing you want is to suffer a devastating breach, then have your service provider pointing to the fine print in the contract, telling you it’s not their problem.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →