CHAPTER 6: CLOUD COMPUTING APPLICATION SECURITY

We concluded Chapter 5 by noting that CSPs view security (quite rightly) as a shared responsibility. A CSP may be quite willing to accept responsibility for the security measures that lie on its side of the trust boundary, but it will (also quite rightly) abjure any responsibility for the security of an application deployed by a third party.

That attitude certainly makes sense; after all, the CSP has no insight into the development practices, testing regimen or operational processes of the application’s owner – how can it possibly accept responsibility for its security?

This bifurcation of security responsibilities is illustrated in Figure 7, which was also presented in Chapter 4. The figure portrays ...

Get Cloud Computing: Assessing the Risks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.