Building proactive cloud security using the “shared fate” model

Moving your business to the cloud is a big step — and who’ll be in charge of keeping it secure after that? It’s a question many companies don’t take seriously until something goes wrong. The traditional shared responsibility model puts quite a lot of the work on businesses themselves, but when a small mistake can turn into a major issue, is that really the way to go?

Where shared responsibility falls short

Traditionally, the cloud security model has been based on shared responsibility, splitting duties between the cloud provider and the customer. Cloud service providers (like AWS, Google, and others) are responsible for the security of the physical infrastructure, while customers are responsible for configuring and securing their own workloads on the cloud.

Sounds simple, right? The problem is, it assumes customers know what they are doing when it comes to cloud security, but most just don’t. With hundreds of services and countless settings, misconfigurations happen all the time. And it’s usually something basic — like giving users too many permissions or accidentally making data public — that teams struggle with.

Here’s where this model often falls apart:

• Too many choices, too little expertise: Cloud platforms come with many configuration options and services (AWS alone has over 200). Knowing what’s secure (and what’s not) takes serious expertise, which many companies don’t have in-house.
• Too much access: Identity and Access Management (IAM) is an essential component of cloud security, but it’s tricky. Teams often take shortcuts and grant too much access to users just to “get things working.”
• Skills gap: Many businesses don’t have the in-house talent needed to secure their environments properly, and the talent is in short supply, too.
• Security is an afterthought

Shared fate as the smarter way to stay secure

The shared fate model fixes many of these issues by making cloud providers more hands-on in the security process. Providers (and their partners, like Revolgy) take a more active role in helping customers secure their cloud workloads, offering guidance, support, and expertise throughout their whole cloud journey.

What this means in action:

• Proactive guidance: Providers help you set up cloud environments the right way from the start and with security in mind.
• Ongoing support: Providers offer continuous support and monitoring to help you identify and address security issues.
• Expertise on demand: Instead of building your own in-house security team, you can ask the provider’s experts for help when needed.

AI-driven threats and defenses

Artificial intelligence brings both opportunities and challenges for cloud security. While it helps defenders to improve their security posture, it also gives attackers new tools to exploit vulnerabilities.

Attackers are using AI to find security gaps faster, craft more convincing phishing scams, and even create deepfakes. At the same time, security teams are leaning on AI to improve threat detection, speed up incident response, and strengthen overall defenses.

But it’s not just about tools — it’s also about policy. Organizations need clear AI security guidelines to govern how AI is used, ensure data privacy, maintain model integrity, and validate AI-generated outputs.

As AI becomes more integrated into business operations, the line between opportunity and risk grows thinner, and having strong AI security measures in place isn’t just a nice-to-have thing anymore.

Mitigating risks and making sure your data is protected

Keeping your cloud secure isn’t about doing one big thing — it’s about doing lots of little things right. Here’s how businesses can reduce risk and protect sensitive data:

• Use strong IAM practices
• Automate security checks
• Run regular security audits
• Consider data residency laws
• Train your team
• Create AI security guidelines
• Vet AI tools before using them
• Keep an eye on AI usage

🎧 Want to hear more about the real challenges businesses face in cloud security, including the DeepSeek breach? Check out our podcast episode with Kadir and Ash, where they go deep into the details, explore common security pitfalls, and talk about what companies can actually do to protect themselves.

Base your security on real data

Security shouldn’t be a guessing game. That’s why Revolgy built a free security audit tool to help businesses spot vulnerabilities before attackers do.

What you get:

• A free automated security scan for your infrastructure.
• Identification of hidden security risks on your website.
• Scan for subdomains, open ports, and vulnerabilities.
• Detection of CVE-listed threats.
• And much more!

How it works:

• Enter your email & domain — we verify ownership before scanning.
• Run an automated security scan — our tool performs a non-intrusive analysis.
• Receive a detailed security report — get a vulnerability overview straight to your inbox.

The shift from shared responsibility to shared fate offers a more hands-on approach to keeping infrastructure safe. Staying ahead of threats means paying attention to the details, and sometimes, simple missteps can cause the biggest problems.

Contact our experts today to find out what you can do to improve your cloud security posture.

Read next: ChatGPT vs. Gemini vs. DeepSeek: Which AI assistant is the best?