The cloud's shared security responsibility model
As the cloud is becoming the norm and many organizations are moving their workload to a public cloud such as AWS, Google Cloud Platform (GCP), and Azure, the customer needs to understand the cloud security model. Security in the cloud is a joint effort between the customer and the cloud provider. Customers are responsible for what they implement using cloud services and for the applications connected to the cloud. In the cloud, customer responsibility for application security needs depends upon the cloud offerings they are using and the complexity of their system.
The following diagram illustrates a cloud security model from one of the largest public cloud providers (AWS), and it's pretty much applicable to any public cloud provider, such as Azure, GCP, Oracle, IBM, or Alibaba:
Figure 8.12: AWS cloud shared security responsibility model