Shared Responsibility Model

Published Nov 28, 2022
Contribute to Docs

The shared responsibility model means that cloud providers maintain some responsibility for security, but some security responsibilities are borne by the customer. To provide a secure environment using cloud services, the customer must be cognizant of where the provider’s responsibilities end, and where their responsibilities start.

The line between customer and provider responsibilities can vary between service providers, and can change depending on what type of service is being provided. For instance, the responsibilities may differ between infrastructure as a service (IaaS) and platform as a service (PaaS).

In general, the customer is always responsible for securing what’s under their direct control, such as:

  • Information and Data
  • User Access
  • Configuration of the cloud platform
  • The resources used to connect to the cloud

In general, the cloud provider is always responsible for securing the physical hosts, network, and data centers.

All contributors

Looking to contribute?

Learn Cloud Computing on Codecademy