The following table sets out the division of responsibilities for using and managing Cloud services, shared between the provider (Aruba Cloud) and the Customer.
It should not be assumed, when using a Cloud service, that the provider takes responsibility for any manner of problem, whether technical, legal or regarding security.
As shown in the table below, the provider is not responsible for the management and classification of data. Distinguishing between sensitive and public data, for example, is entirely the responsibility of the Customer. The physical security of the Cloud infrastructure, on the other hand, is entirely the responsibility of the provider.
Further to these distinctions, it is common to speak of security "of the" Cloud and "in the" Cloud.
Security "of the" Cloud is managed by the provider and involves everything relating to the protection of the infrastructure (data center) from which the services are provided.
Security “in the” Cloud is the responsibility of the Customer. Aruba Cloud provides IaaS Cloud services and, as such, requires the Customer to configure, manage and verify security.