Shared Responsibility Model
The shared responsibility model means that cloud providers maintain some responsibility for security, but some security responsibilities are borne by the customer. To provide a secure environment using cloud services, the customer must be cognizant of where the provider’s responsibilities end, and where their responsibilities start.
The line between customer and provider responsibilities can vary between service providers, and can change depending on what type of service is being provided. For instance, the responsibilities may differ between infrastructure as a service (IaaS) and platform as a service (PaaS).
In general, the customer is always responsible for securing what’s under their direct control, such as:
- Information and Data
- User Access
- Configuration of the cloud platform
- The resources used to connect to the cloud
In general, the cloud provider is always responsible for securing the physical hosts, network, and data centers.