A financial organization is moving its internally developed customer-facing web portal to a public Infrastructure-as-a-Service (IaaS) provider. Because the site processes regulated personal data, the security team reviews the shared-responsibility matrix. Which activity will remain the organization's responsibility after the migration?
Implementing secure coding practices and patch management for the portal's application code.
Ensuring the physical servers hosting the service are updated with the latest firmware patches.
Upgrading the provider's core network components, such as routers and switches, to support higher throughput.
Maintaining environmental controls such as humidity and temperature within the cloud data center.
In the IaaS model, the cloud provider handles the underlying facilities, physical servers, network hardware, and virtualization layer. The customer retains control of everything it installs on top of that stack-including the guest operating system, application code, and associated patches. Therefore, the organization must continue to apply secure coding practices and keep its portal software up-to-date. Environmental controls, firmware updates on the provider's servers, and backbone network hardware upgrades are handled by the cloud provider.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the shared-responsibility model in cloud computing?
Open an interactive chat with Bash
Why is secure coding important in the IaaS model?
Open an interactive chat with Bash
What are some examples of IaaS services, and how do users interact with them?