According to the shared responsibility model in cloud computing, the security and compliance obligations are split between the cloud service provider and the cloud customer. The service provider is responsible for the security of the cloud infrastructure itself (also known as 'security of the cloud'), while the customer must manage the security of what they put in the cloud (or 'security in the cloud'). This includes data encryption, identity and access management, network traffic protection for customer-created or managed resources, and other data-related security concerns. It is important for customers to understand that they retain control and therefore responsibility for securing their own data.