CISOs trying to determine which of the three major cloud service providers (CSPs) offers the best security need to break that question down into two parts: Which one does the best job securing its own infrastructure, and which one does the best job helping you to secure your data and applications?
Security in the public cloud is based on the shared responsibility model, the notion that it’s possible to create a hard line that separates the role of the cloud service provider (securing the platform) with the role of the customer (protecting its assets in the cloud). Sounds good in theory, but in practice the shared responsibility model can be tricky when CISOs are dealing with one cloud vendor, but exponentially more difficult in a multi-cloud world.