Security in the cloud is on a lot of people’s minds following the hacking of celebrities’ iCloud accounts. When we hear about user accounts on cloud services and SaaS applications getting compromised, we start thinking more about he types of security capabilities that cloud providers offer versus what they leave unaddressed, and where responsibility should lie.

Although many people think that security is a monolith, in reality it’s much more of a mosaic — full of nuances and subtleties. There are undoubtedly various kinds of threats associated with cloud services. From the perspective of the cloud service provider, the most pressing security issue involves protecting its back-end infrastructure from outside attackers. An attacker who can break in through the back door can abscond with a wealth of data.

Businesses using SaaS services, or individual users of iCloud, have other concerns. Account compromise through the back door is worrying, but in…