This is more to do with the approach to the security responsibility issue. Because many standard security controls are applied at the application layer or in the data store, both of which are typically owned by whoever controls the software application, often the customers retain control of and responsibility for many specific security functions. In the IaaS and PaaS models, many standard security controls, such as backups, encryption, access management, logging attributes and IDS , must be provisioned and executed by the customer. If you see the responsibility for cloud security is generally allocated with the preferred cloud service providers, and you. The manner in which this responsibility is delegated will depend on the specific solution designed provide the cloud service. Specific categories of requirements correlate to which party controls which portion of the computing infrastructure customer or the cloud service provider. For instance, the preferred cloud service ...