Which responsibility belongs to which company?
"I think you're only going to be as successful as the relationships you build," says Mike Santimaw, VP of information security, innovation labs and corporate solutions at Rent-A-Center. The company has been moving to a serverless architecture and working with AWS.
"We had to check quite a few boxes," Santimaw explains. "Having an honest conversation around what AWS' responsibilities were was vitally important."
There is a shared responsibility between cloud providers and their enterprise customers, Gartner's Judd explains, noting that some security controls are implemented by the provider, some are implemented by the customer, and some are shared between the two. An example of this, he says, is with identity and access management (IAM). A cloud provider will give the customer access to their cloud subscription, and the organization will implement controls to let employees and stakeholders access the data in the environment.
(Image: Aila Images via Shutterstock)