Cloud Security
Shared Responsibility Model
Also known as: Shared responsibility, Cloud responsibility matrix
Definition
A cloud security framework that splits security duties between the cloud provider (security of the cloud) and the customer (security in the cloud).
Examples
- AWS secures the S3 service; the customer is responsible for bucket policies and object encryption.
- Microsoft secures the Microsoft 365 platform; the tenant must configure conditional access and DLP.
Related terms
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
Infrastructure as a Service (IaaS)
A cloud service model in which the provider delivers virtualized compute, storage, and networking, while the customer manages the OS, middleware, and applications on top.
Platform as a Service (PaaS)
A cloud model in which the provider manages the runtime, middleware, OS, and infrastructure while the customer focuses on application code and data.
Software as a Service (SaaS)
A cloud delivery model in which a vendor hosts and operates an application that customers access over the Internet on a subscription basis.
Cloud Misconfiguration
Cloud Misconfiguration — definition coming soon.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.