What is the shared responsibility model?
The shared responsibility model is a framework for cloud security dictating the security obligations of a cloud computing provider and its users to ensure accountability.
All major cloud solution providers (CSP) offer a model of security that divides the responsibility of securing data stored in the cloud between both the provider and their customers.
This is a key concept for all customers of cloud services to understand as it effectively details what they must do in order to keep their data secure.
Essentially the CSP is responsible for the security of the cloud, that is to say, the hardware, software and physical environment of the cloud. Whereas the customer is responsible for the security of their data in the cloud.
For example, a customer may create a web application within a cloud environment. The CSP is responsible for ensuring the security of the server that the web application resides on, but the customer must secure the application itself – most likely with the use of a Web Application Firewall (WAF).