Cloud Security Guide: Shared Responsibility, Misconfiguration, CSPM and CASB
Who is responsible for security in the cloud? The shared responsibility model on AWS, Azure and Google Cloud, the misconfiguration that causes most breaches, plus CSPM, CASB, CWPP and core controls, with CSA and NIST sources.
Quick answer: The costliest cloud myth is "the provider protects everything." The reality is the shared responsibility model: the provider secures the infrastructure, while you secure your data, identity settings and configuration. The vast majority of cloud breaches come not from genius attacks but from misconfiguration (public storage, over-privileged identities, open management ports). DSET scans your AWS, Azure and Google Cloud configuration, reports the risks on your side and fixes them: +90 536 662 38 09.
Shared responsibility: who owns what
The boundary shifts by service model:
| Layer | IaaS | PaaS | SaaS |
|---|---|---|---|
| Data center, hardware | Provider | Provider | Provider |
| Virtualization, network | Provider | Provider | Provider |
| Operating system | Customer | Provider | Provider |
| Application, runtime | Customer | Shared | Provider |
| Data, identity, access | Customer | Customer | Customer |
Whatever the model, securing your data, identities and access is always yours. The provider secures "the cloud," you secure "what's in the cloud."
The biggest danger: misconfiguration
- Public storage buckets open to anyone who finds them.
- Over-privileged identities that break least privilege.
- Exposed management ports and databases.
- Missing logging, so breaches go unnoticed for months.
- Unencrypted data and weak key management.
CSA and OWASP flag these as top cloud risks.
Tools: CSPM, CASB, CWPP
- CSPM: continuously scans config for public buckets, unencrypted disks, MFA-less admins.
- CASB: controls shadow IT and data loss between users and cloud.
- CWPP: protects VMs, containers and serverless at runtime.
Six core controls
- MFA on every admin; IAM is the heart of cloud security.
- Least privilege; avoid broad "*" grants.
- Encryption at rest and in transit.
- Continuous monitoring by feeding cloud audit logs into SIEM.
- Backups; durability is not backup.
- Configuration auditing with CSPM, continuously.
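The checks a CSPM runs and the least-privilege rule above can be sketched as a small audit. This is an added example, not DSET's or any provider's code: the inventory snapshot schema, the finding names and the sample data are constructed for illustration, and only the IAM policy document follows the AWS policy JSON shape. It treats both "*" and whole-service grants such as "s3:*" as broad.

```python
# Added example: toy CSPM-style audit. Snapshot schema and names are hypothetical;
# only the policy "doc" uses the AWS policy JSON shape (Effect/Action/Resource).
MGMT_PORTS = {22, 3389}  # SSH and RDP

SNAPSHOT = {  # constructed sample data
    "buckets": [{"name": "invoices", "public": True, "encrypted": True},
                {"name": "logs", "public": False, "encrypted": False}],
    "admins": [{"user": "alice", "mfa": True}, {"user": "bob", "mfa": False}],
    "firewall": [{"id": "fw-1", "cidr": "0.0.0.0/0", "from": 20, "to": 25},
                 {"id": "fw-2", "cidr": "10.0.0.0/8", "from": 3389, "to": 3389}],
    "policies": [{"name": "ops", "doc": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}},
        {"name": "reader", "doc": {"Statement": {
            "Effect": "Allow", "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::logs/*"}}}],
}

def as_list(value):
    """Policy fields may be a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def wildcard_statements(doc):
    """Allow statements granting every action ("*") or a whole service ("svc:*")."""
    return [s for s in as_list(doc.get("Statement", []))
            if s.get("Effect") == "Allow"  # a Deny on "*" narrows access
            and any(a == "*" or a.endswith(":*") for a in as_list(s.get("Action", [])))]

def audit(snapshot):
    """Return sorted (check, resource) findings for the customer-side risks."""
    findings = []
    for b in snapshot.get("buckets", []):
        if b.get("public"):
            findings.append(("public-bucket", b["name"]))
        if not b.get("encrypted"):
            findings.append(("unencrypted-storage", b["name"]))
    for a in snapshot.get("admins", []):
        if not a.get("mfa"):
            findings.append(("admin-without-mfa", a["user"]))
    for r in snapshot.get("firewall", []):
        open_world = r["cidr"] in ("0.0.0.0/0", "::/0")
        if open_world and any(r["from"] <= p <= r["to"] for p in MGMT_PORTS):
            findings.append(("open-management-port", r["id"]))
    for p in snapshot.get("policies", []):
        if wildcard_statements(p["doc"]):
            findings.append(("wildcard-grant", p["name"]))
    return sorted(findings)
```

Note that the firewall check matches port ranges, so a rule opening 20 to 25 to the internet is flagged for SSH even though port 22 is never named in it.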
KVKK and data residency
For personal data, where it is stored and the conditions for cross-border transfer matter for KVKK compliance; responsibility is yours as data controller.
FAQ
Is the cloud less secure than on-premises?
No; configured correctly, major providers are usually more secure than a private server room. The problem is your side's misconfiguration.
Does the provider back up my data?
Durability means multiple copies, not backup; it will not restore data you deleted or that ransomware encrypted. Take independent, ideally immutable backups.
How to manage multi-cloud?
Use a single, consistent CSPM and IAM approach to close blind spots.
Reach us for a cloud configuration assessment: our cloud security solution or +90 536 662 38 09.
Sources