Cloud Security in a Nutshell
Security is fundamental, whether you are developing and managing applications in the cloud or on premises.
For the majority of cloud service providers (CSPs), security is a shared responsibility between the CSP and you. The AWS shared responsibility model describes this as security of the cloud and security in the cloud.
So what does security of the cloud and security in the cloud mean?
Security of the cloud – The CSP is responsible for protecting the infrastructure that runs your application workloads or services in the cloud. The CSP secures the data centers, communications endpoints, and access between CSP services and the infrastructure layer. This infrastructure comprises the hardware, software, networking, and facilities that run the cloud services.
Security in the cloud – Your responsibility is determined by the CSP service that you use. You are also responsible for other factors, including the sensitivity of your data, your company’s requirements, and applicable laws and regulations. The CSP provides you with secure services and tools to manage access to your resources.
Examples of responsibility differences across AWS services:
In short, the cloud service provider operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
You, as the customer, are responsible for putting in place the security around the services you use. You are responsible for securing your data, deciding which applications and users have access to and permissions for your data, and making sure that your data is encrypted.
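The customer-side duties named above (access decisions and encryption) can be checked mechanically. The following is an added example, not code from the original page or from AWS: it audits a constructed inventory whose `encryption` and `policy` fields are modeled on S3 bucket encryption and bucket policy documents; the inventory layout, bucket names, and account ID are assumptions.

```python
import json

# Constructed sample inventory (hypothetical layout; names and account ID are placeholders).
INVENTORY = [
    {"bucket": "example-reports",
     "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow",
          "Principal": {"AWS": "arn:aws:iam::111122223333:role/reporting"},
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::example-reports/*"}]}},
    {"bucket": "example-uploads",
     "encryption": None,  # no default encryption configured
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
          "Resource": "arn:aws:s3:::example-uploads/*"}]}},
]

def as_list(value):
    """Policy fields may hold a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def is_any_principal(principal):
    """True when the statement applies to every principal ("*")."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit(resource):
    """Return findings for controls that are the customer's responsibility."""
    findings = []
    rules = (resource.get("encryption") or {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append("no default encryption configured")
    for stmt in as_list((resource.get("policy") or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # An unconditioned Allow to "*" leaves the access decision to nobody.
        if is_any_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append("policy allows any principal")
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", []))):
            findings.append("policy grants wildcard actions")
    return findings

def audit_all(inventory):
    return {r["bucket"]: audit(r) for r in inventory}

if __name__ == "__main__":
    print(json.dumps(audit_all(INVENTORY), indent=2))
```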