Contributions from
George Fitzmaurice published 1 hour ago
Knowing where your obligations end and your cloud provider’s begin isn’t always straightforward in the cloud – but it is essential for proper security and compliance
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
When a cybersecurity incident implicates both a vendor and a customer, it’s not always clear where responsibility lies. While customers lack oversight on a tool’s underlying security, the provider lacks oversight on how securely the tool is being used.
Under the ‘shared responsibility model’, the division of roles seems fairly straightforward. Crowdstrike’s definition, for example, states that the cloud provider is responsible for monitoring threats to the cloud and its infrastructure, while customers are responsible for the protection of data and assets within the cloud environment.
Speaking to ITPro, Nick Godfrey, director of the office of the CISO at Google Cloud, says the answer is a new approach to responsibility in the public cloud landscape, the shared fate model.
Godfrey outlines how the shared responsibility model was developed to deal with the new territory cloud represented.
testing