As organizations scramble to support remote workforces, cloud adoption has accelerated in the past year. Despite rapid adoption and growth, companies often misunderstand a key cloud concept: the shared responsibility model (SRM).
Many business leaders are still asking, “Is the cloud safe?” This is a wrong question. A more appropriate question is, “As a security team and organization, are we protecting our share in the cloud?” The vast majority of cloud data breaches/leaks are caused by customers. Gartner predicts that by 2025, 99% The cloud security failure will be the customer’s fault. Therefore, all security practitioners must understand their responsibilities.
What is the shared responsibility model?
The shared responsibility model describes what you, the cloud customer are responsible for, and what your cloud service provider (CSP) is responsible for. The CSP is responsible for the “”security” of the cloud-think about physical facilities, utilities, cables, hardware, etc. The customer is responsible for the security of the “cloud”-meaning network control, identity and access management, application configuration and data.
In other words, this division of responsibilities can be changed according to the service model you use. At a basic level, the NIST cloud computing definition defines three main cloud service models: