What is the cloud shared responsibility model?
D3 ยท Architecture ยท CompTIA Security+ SY0-701The cloud shared responsibility model defines the division of security responsibilities between the cloud service provider (CSP) and the customer.
| Service Model | CSP Manages | Customer Manages |
|---|---|---|
| IaaS | Physical, network, hypervisor | OS, middleware, apps, data |
| PaaS | + OS, middleware, runtime | Apps, data |
| SaaS | Everything except data & access | Data, user access |
The key exam point: customers are ALWAYS responsible for their data and access management, regardless of service model. Misunderstanding shared responsibility leads to cloud breaches โ customers assume the CSP secures everything. "Security OF the cloud" (CSP) vs. "Security IN the cloud" (customer).