As we shifted into the cloud, we needed to be able to draw a line to say, 'What's the customer responsible for?' For example, the cloud provider would, in that model, be responsible for the physical environment, the data centers, and some of the physical networking and computing that underpin the cloud.
Conversely, the customer would be responsible for the identity and access management of who in their organization has access to their applications on top of the cloud. The complexity comes because the point of delineation varies depending on what type of cloud you're using.
The cloud ecosystem comprises a number of different technologies and depending on what the businesses have implemented, the responsibility of the cloud provider could reach deeper into the organization.
For example, software as a service (SaaS) solutions such as an HR portal used by employees are virtually always limited to managing identity and access data within that portal. In contrast, infrastructure as a service (IaaS) tools often...
#cloud-security #shared-responsibility-model #cybersecurity #vendor-responsibility #customer-responsibility
Collection
[
|
...
]