The cloud shared responsibility model
One of the most common misconceptions about cloud security is that it is the cloud services provider’s responsibility. While this is partially true, moving to the cloud does not mean giving up all responsibility for security.
In the cloud, an organization outsources management of some portion of its infrastructure stack to its cloud services provider. How much of this infrastructure management is outsourced depends on the cloud services model in use (SaaS, IaaS, PaaS, etc.).
A cloud services provider is responsible for securing the portion of the infrastructure under its direct control, but the customer has security responsibilities as well. Cloud services providers delineate this responsibility breakdown in shared responsibility models.
Moving to the cloud can certainly decrease an organization’s infrastructure and security responsibilities. However, companies are still partially responsible for security in the cloud.