Cloud providers have developed a shared responsibility model to ensure they address security across infrastructure and locations.
Understanding where your provider's responsibility ends and where yours begins is key to a successful cloud security implementation. The cloud customer is always responsible for the security of data, devices, and accounts. The cloud provider is always responsible for the physical hosts, network, and data center.
A shared responsibility model can differ, however, depending on whether you're using infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or software-as-a-service (SaaS).
IaaS
With IaaS, the customer is responsible for the security of the identity and directory infrastructure, applications, network controls, and operating system.
PaaS
With PaaS, the cloud provider is responsible for the operating system's security.The provider shares responsibility with the customer for the security of network controls, applications, and identity and directory infrastructure.
SaaS
With SaaS, the cloud provider is responsible for the security of the operating system, network controls, and applications. The provider and the customer share responsibility for identity and directory infrastructure security.
It is up to cloud customers to ensure their side of the shared responsibility model stays secure. Unfortunately, Gartner estimates that 99% of cloud security failures are the customer’s fault. So, you will need to ensure that you are employing the best security technologies and practices when you develop chips in the cloud.