While security concerns hindered cloud adoption for many years, organizations have come to understand that cloud can actually offer enhanced security due to the Shared Responsibility Model . As we talked about in part 1 of these series , the Shared Responsibility Model divides security maintenance and responsibilities between the subscribing organizations and the cloud service provider. This model has been adopted widely by top public cloud providers, including AWS and Azure.
The general rule is that the cloud service provider is responsible for security of the cloud, while the organization is responsible for securing what and who goes into the cloud. More specifically, the cloud service provider is largely responsible for physical infrastructure security, host infrastructure, and computing, networking, and storage software. This is security of the cloud.
The customer is responsible for security in the cloud. This constitutes access management, endpoint protection, application security, firewall configuration, encryption, and data integrity. Organizations are responsible for deploying the necessary solutions and processes to protect what they store within the cloud.
This shared responsibility model can make the cloud a secure option for organizations, however, only if they have a team with cloud security know-how to deploy data protection solutions, access management policies and tools, and monitor cloud activity for suspicious data movement that might indicate a threat.
However, a recent survey notes that 29 percent of organizations face a shortage of cloud computing security skills within their personnel.