What is the shared responsibility model in cloud security?
Category: Cloud Computing
Short answer
In the shared responsibility model, the cloud provider secures the underlying infrastructure (hardware, networking, facilities), while the customer secures what they put in the cloud: data, identity management, OS patching, and application configuration.
Details
The exact division varies by service model. IaaS (EC2, VMs) places more burden on the customer, including OS updates and firewall rules. PaaS (App Engine, Elastic Beanstalk) shifts OS and middleware patching to the provider. SaaS (email, CRM) places nearly all security responsibility on the vendor, though the customer still manages access and data classification.
Ignoring your side of the model leads to breaches. Misconfigured S3 buckets and overly permissive IAM roles are common customer failures. For foundational security concepts, see "How does hashing work" to understand credential storage. For data protection regulations, read "How to achieve GDPR compliance".
Tips
- Regularly audit permissions with cloud-native tools like AWS IAM Access Analyzer or Azure AD access reviews.
- Encrypt data at rest and in transit, and manage your own keys if regulatory requirements demand it.
- For network-layer security, review "How to configure networking with iptables and ufw" for concepts that apply to cloud VPCs as well.