Last year spending on public cloud IT infrastructure surpassed spending on traditional IT infrastructure for the first time, according to IDC. It’s easy to see why: Companies “born in the cloud” and more traditional organizations are migrating to the cloud not only for their remote work needs, but also as a way to gain speed, reliability, and flexibility. Benefits aside, there are plenty of pitfalls from cloud adoption that can undermine security and negatively impact operations. Some organizations believe that the use of public cloud services allows them to outsource all of their security needs; while there are great tools from cloud service providers like AWS, Microsoft, and Google, they don’t cover the entire threat surface. Organizations adopting cloud need to know where their security responsibilities lie.
The shared responsibility model delineates the obligations of cloud computing providers and their customers to assign security responsibilities and accountability. Cloud providers and their customers each own various elements of security. In short: