Usually, when an enterprise considers cloud adoption, it should look for a clear-cut division of responsibility. It is a myth that the sole responsibility of cloud security would lie with the cloud provider once data and applications are moved to the cloud. On the contrary, replacing on-premise physical infrastructure with a cloud-based environment still requires enterprises to take measures to safeguard servers, storage, applications, and data, as well as the cloud platform itself.
Cloud service providers, as mentioned above, do offer robust security controls across layers as per the cloud service delivery model that the customer has chosen. It is the responsibility of enterprise to leverage those security controls efficiently to safeguard their digital assets on the cloud. The graphic below, which has been adapted from Amazon Web Services, gives an example of how the enterprise and the cloud provider can divide the responsibility for security in the cloud.
