The Cloud Shared Responsibility Model — and the Gap It Leaves

The Provider Secures Less Than You Think

Moving to the cloud does not outsource your security. Providers secure the infrastructure — the data centres, the hardware, the hypervisor. Everything you configure on top is yours.

Where the Gap Sits

Your responsibility includes access control, identity, network rules, encryption settings and the data itself. The headline cloud breaches are rarely the provider's failure — they are misconfigured storage, over-permissive access, and credentials left in code.

The fix is treating cloud configuration as a security discipline: least-privilege access, sensible defaults, regular review, and someone clearly accountable. The cloud can be more secure than your old server room — but only the half you are responsible for.