Cloud shared responsibility model explained, who secures what

The shared responsibility model is the contract that decides which security controls belong to the cloud provider and which belong to you. The line moves depending on the service tier: IaaS gives you the most control and the most responsibility; SaaS the least of both. Mistaking which side a control falls on is one of the most common, and most expensive, cloud security mistakes.

Why What is the cloud shared responsibility model? matters

Compliance audits, breach investigations, and incident-response retros consistently find that the misunderstanding of who owns what control caused the gap. Treating S3 server-side encryption as 'AWS handles encryption' misses that you still chose the key, the rotation policy, and who could decrypt.

Cloud Security Became A Coordination Problem
What Is Cloud Security?
Secrets Management Best Practices
Most Security Programs Optimize for Auditability, Not Reality

Related concepts

What is zero trust?, the security model that replaces the perimeter
What is least privilege?, the cloud security principle
AWS S3 security explained, public access, encryption, attack chains
AWS KMS explained, what it is and how to use it safely

Recommended learning paths

Cloud Security Fundamentals
AWS Security Best Practices
Enterprise Cloud Security Architecture

Hands-on labs

Hands-On: Multi-Cloud Security

Cloud shared responsibility model explained, who secures what

Why What is the cloud shared responsibility model? matters

Related articles

Related concepts

Recommended learning paths

Hands-on labs