The shared responsibility model is spelled out in the terms of services document of every CSP from Microsoft to Amazon. However, it is arguably the least understood and most misconceived concept. Simply put, the shared responsibility model outlines the CSP's responsibility to maintain a secure and continuously available service and enterprises' responsibility to ensure secure use of the service. Why is such a concept so difficult to comprehend and open to varying interpretations? Is the difference between security of the service and secure use of the service so significant? Aren't enterprises moving to the cloud so they don't have to deal with these types of responsibilities?
This white paper examines the root cause behind the confusion, some unfortunate scenarios that resulted from the confusion, and how some enterprises are successfully addressing and embracing the shared responsibility model.