The cloud and technologies related to it are everywhere in our everyday life – Uber, Pyszne.pl, Gmail, Netflix, etc. All these services have one thing in common – the cloud. Using cloud solutions does not mean buying services in AWS, GCP, or Azure. Often we may not even be aware that we are participating in it.

Can we, therefore, feel secure in the cloud? Who is responsible for security? WE – cloud users or THEM – cloud providers? It is our shared responsibility! Depending on the model we adopt (SaaS, PaaS, IaaS), we may be responsible for more or fewer things.

• SaaS (Sofware as a Service): we are responsible for our data, but we are no longer interested in the provider’s OS configuration – e.g., Gmail
• PaaS (Platform as a Service): we are responsible for the data, and additionally, we are partially responsible for the configuration of our application – e.g., Apache web service
• IaaS (Infrastructure as a Service): here, the responsibility is much more significant and includes min. OS configuration – e.g., cloud-based Virtual Private Server (VPS)

Suppose you decide to use cloud solutions in your organization. In that case, it is essential to understand the shared responsibility model so that you can assess the risk and choose a secure solution for you.

We recommend the article on the Microsoft website: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

REMEMBER! Using the cloud does not relieve you of your responsibility. Please don’t spend too much time with your head in the clouds 😉