Manage Security as a Shared Responsibility
- Moving to the cloud doesn’t change what you need to secure, but it completely changes how you manage security and risk.
- Successfully sharing responsibility for IT security and risk management means clearly understanding where your vendor’s capabilities and responsibilities end and yours begin.
“You actually decompose the application into separate modules. Those modules could be running in different data centers, different organizations, and different clouds.”
One of the biggest changes to security and risk management that comes from moving IT assets to the cloud is the shift from an IT stack to a compositional model of application building. The move doesn’t change what you need to secure, but it completely changes how you manage security and risk.