With proliferation of various delivery models, sometimes it becomes difficult to delineate the boundaries of accountability for Cloud Security. At the heart of it, Cloud is built on a shared security model in which Cloud Service Providers (CSPs) and users both have security responsibility.
In order to leverage cloud effectively, business strategy and compliance/security obligations needs to be aligned with shared security model of the cloud.
Before the advent of cloud, enterprises were running their own data center. Hence they were responsible for security of that infrastructure as well as the applications and data that ran on it.
Movement towards public cloud computing model, transfers some (but not all) of the IT security responsibilities to its cloud provider. Both entities – cloud provider and cloud user- must work together and are responsible for various aspects of security.