A security architect is designing an application using a serverless, Function-as-a-Service (FaaS) model. During a design review, a developer claims that the cloud provider is solely responsible for securing the application code against vulnerabilities like SQL injection, since the provider manages the entire underlying infrastructure and runtime. Which of the following principles BEST refutes the developer's claim?
The shared responsibility model dictates the division of security obligations between a cloud provider and its customers. While the provider is responsible for the security of the cloud (e.g., physical infrastructure, hypervisor, managed runtimes), the customer is responsible for security in the cloud. This includes securing their own application code from vulnerabilities, managing data, and configuring access controls. Therefore, the developer's claim that the provider is solely responsible for code-level security is incorrect.