In any conversation about cloud security, it won’t take long before someone will mention the shared responsibility model. It ultimately comes down to the fact that the cloud service itself needs to be designed and operated securely by the cloud provider, and their customers need to configure and use it in a way that appropriately secures their data.
We know that doing security well can be hard, whether that’s getting architectures and configurations right, or the more routine things such as patching. It can feel like a never-ending battle, which means that it’s easy to forget to do all of the things that are important.
Make it somebody else’s problem
We’ve advocated for a while now that you should assign as much responsibility for security to your competent cloud provider as you can. Doing that lets you make use of your cloud provider’s security expertise, and reduces the burden on your own IT teams and developers (while still giving you enough confidence that the service is healthy).