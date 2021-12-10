Digital transformation is now the enterprise holy grail. An important part of this journey is cloud adoption as organizations leverage new technologies like containers, Kubernetes, serverless computing, machine learning, etc. During transformation projects, companies typically follow established industry practices around continuous delivery and DevOps but overlook one key aspect: security.

Cloud opens up a whole new world for cyber attackers to exploit data. Recently, McAfee found that post-pandemic, “threats from external actors targeting cloud services increased 630%, with the greatest concentration on collaboration services like Microsoft 365.” In fact, everyone from Alibaba to the Australian Parliament House has been breached.

One of the key reasons this happens is that organizations don’t realize that adopting the cloud will not absolve them of the responsibility of securing applications.

In a data center model, you are responsible for security across different operating environments such as your applications, physical servers, user controls and even the physical security of the building. Whereas in a cloud environment, your cloud vendor typically takes care of lower-level infrastructure, including related security. However, you are responsible for the rest.

This is called the shared responsibility model. In this article, we explore what the shared responsibility model entails and how you can protect your cloud services.