The Shared Responsibility Model
Cloud providers secure the underlying infrastructure, while customers are responsible for securing their data, identities, and configurations within that infrastructure. Misunderstanding this split is a leading cause of cloud incidents.
Core Cloud Security Basics
- Identity and Access Management (IAM) — grant only the minimum permissions each user or service needs.
- Encryption — encrypt data both at rest and in transit.
- Configuration management — regularly audit storage buckets and databases for accidental public exposure.
- Logging and monitoring — enable audit logs to detect unusual access patterns.
Example: least-privilege IAM concept
# Grant only what is needed, nothing more
role: read-only-analytics
permissions: [storage.read]
The majority of cloud data exposures result from misconfiguration, not sophisticated attacks — a small oversight can have a large impact.
Cloud Security Checklist
- Enable multi-factor authentication for all cloud accounts.
- Regularly review IAM roles and remove unused permissions.
- Audit storage buckets and databases for public access.
- Enable logging and set up alerts for unusual activity.
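One way to carry out the "review IAM roles and remove unused permissions" item is to compare what each role is granted with what audit logs show it using. The sketch below is an added example, not code from the original page or from any provider's API; the role names other than read-only-analytics, the permission strings other than storage.read, and the log records are constructed for illustration.

```python
from collections import defaultdict

# Constructed role definitions, in the page's conceptual role/permissions shape.
ROLES = {
    "read-only-analytics": {"storage.read"},
    "etl-service": {"storage.read", "storage.write", "storage.delete"},
    "legacy-admin": {"*"},
}

# Constructed audit-log records: (role, permission exercised).
AUDIT_LOG = [
    ("read-only-analytics", "storage.read"),
    ("etl-service", "storage.read"),
    ("etl-service", "storage.write"),
    ("legacy-admin", "storage.read"),
]


def used_permissions(log):
    """Group the permissions each role actually exercised in the log window."""
    used = defaultdict(set)
    for role, perm in log:
        used[role].add(perm)
    return used


def review_roles(roles, log):
    """Return {role: finding} for roles that hold more than they use."""
    used = used_permissions(log)
    findings = {}
    for role, granted in roles.items():
        exercised = used.get(role, set())
        # A wildcard grant can never be least privilege; flag it separately.
        wildcards = {p for p in granted if "*" in p}
        unused = granted - exercised - wildcards
        if wildcards or unused:
            findings[role] = {
                "wildcards": sorted(wildcards),
                "unused": sorted(unused),
                # Suggested grant: exactly what the log shows in use.
                "suggested": sorted(exercised),
            }
    return findings


if __name__ == "__main__":
    for role, finding in review_roles(ROLES, AUDIT_LOG).items():
        print(role, finding)
```

The result is only as good as the log window: a permission used once a quarter looks unused in a one-week sample, so review the findings before removing anything.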