The Shared Responsibility Model in Cloud Computing

The cloud provider is responsible for security of the cloud.

This includes:

• Physical security of data centres
• Hardware and infrastructure
• Core networking
• Power, cooling, and facilities

Providers ensure that:

• Servers are protected
• Infrastructure is maintained
• Systems are reliable

IB students should emphasise that providers protect the foundation, not the data itself.

Customer Responsibilities

The customer is responsible for security in the cloud.

This includes:

• User access control
• Authentication and passwords
• Data protection
• Application security
• Configuration of services

Customers decide:

• Who can access systems
• What data is stored
• How services are configured

Most cloud security failures occur due to customer misconfiguration, not provider failure.

Why Confusion Causes Security Breaches

If customers assume:

• “The provider handles everything”

Then:

• Permissions may be misconfigured
• Data may be exposed
• Accounts may be compromised

Understanding the shared model prevents:

• Data breaches
• Unauthorised access
• Misplaced blame

IB examiners often expect students to link breaches to misunderstanding responsibility.

How Responsibility Changes by Service Type

The level of customer responsibility depends on:

• Type of cloud service used

For example:

• More provider responsibility in fully managed services
• More customer responsibility in self-managed environments

However:

• Customers always control access and data

This principle remains constant.

Shared Responsibility and Risk Assessment

Risk assessment in cloud systems must consider:

• Provider controls
• Customer controls

Ignoring either side increases risk.

IB students should explain that shared responsibility supports clear risk management.

Real-World Examples

Examples of customer responsibilities include:

• Setting strong access policies
• Encrypting sensitive data
• Managing user accounts

Examples of provider responsibilities include:

• Protecting data centre access
• Maintaining hardware security

Both are required for secure systems.

Common Student Mistakes

Students often:

• Say cloud providers handle all security
• Ignore customer configuration
• Focus only on hacking
• Forget shared accountability

Clear division of roles earns marks.

How This Appears in IB Exams

IB questions may ask students to:

• Explain the shared responsibility model
• Identify provider vs customer responsibilities
• Apply the model to a scenario
• Explain why breaches occur

Role clarity is essential.

Final Thoughts

The shared responsibility model explains how cloud security is divided between providers and customers. Providers secure the infrastructure, while customers secure their data, users, and configurations.

Understanding this model allows IB Computer Science students to explain cloud security clearly and realistically — exactly what examiners expect.

Learn the differences between HDDs, SSDs, and NAS for IB Computer Science, including performance, cost, and use cases.