Moving your business operations to the cloud offers flexibility, scalability, and efficiency. However, it also introduces a dangerous misconception. Many business owners assume that once their data is in the cloud—whether it is on Microsoft Azure, Amazon Web Services (AWS), or Google Cloud—security is entirely the provider’s job. This assumption is the root cause of many data breaches.
The reality is more nuanced. Cloud security is not a product you buy and forget; it is a partnership. To protect your business effectively, you must understand where the provider’s job ends and where yours begins. At CTS Companies, we have been helping businesses navigate technological shifts since 1980. We believe in simple, reliable solutions. In this guide, we break down exactly who is responsible for security in the cloud and how to ensure your business remains protected.
Understanding the Shared Responsibility Model
The industry standard for defining cloud security roles is known as the “Shared Responsibility Model.” Every major cloud provider operates under this framework. It delineates which security tasks belong to the Cloud Service Provider (CSP) and which tasks belong to the customer.
If you fail to understand this boundary, you leave doors open for cybercriminals. The easiest way to visualize this is to think of a landlord and a tenant. The landlord (the cloud provider) is responsible for the building’s structure, the locks on the front door, and the plumbing. You (the tenant) are responsible for who you invite inside, locking your specific unit, and safeguarding your valuables.
What the Cloud Provider Handles
The cloud provider is responsible for the “security of the cloud.” This generally includes the physical infrastructure and the hardware that runs the services. Their responsibilities include:
- Physical Security: Protecting the data centers from unauthorized physical access, fire, and environmental hazards.
- Host Infrastructure: Securing the compute, storage, and networking hardware that supports the cloud environment.
- Network Security (at the boundary): Protecting the global infrastructure against massive DDoS attacks and ensuring the underlying network remains available.
What You Handle
As the customer, you are responsible for “security in the cloud.” This means that while the server rack is secure, the data sitting on it is your concern. Your responsibilities include:
- Customer Data: You must decide who can access your files and how they are encrypted.
- Identity and Access Management (IAM): You control usernames, passwords, and multi-factor authentication (MFA).
- Endpoint Devices: You must secure the laptops, phones, and tablets that connect to the cloud.
- Configuration: If you leave a storage bucket “public” by mistake, that is a customer configuration error, not a provider failure.
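As an added illustration (not CTS's or any provider's code), the sketch below checks two of the customer-side items above, public storage configuration and missing MFA, against a constructed inventory. The inventory layout, bucket names and user names are assumptions; the policy fields and ACL group URIs follow the AWS S3 formats.

```python
_GROUP = "http://acs.amazonaws.com/groups/global/"  # S3 ACL group URI prefix
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_is_public(policy):
    """True if an Allow statement without a Condition names every principal."""
    for stmt in _as_list(policy.get("Statement", [])):
        # Conditional statements are skipped here and need manual review.
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS", [])
        if "*" in _as_list(principal):
            return True
    return False

def audit(inventory):
    findings = []  # (resource, issue) pairs
    for bucket in inventory["buckets"]:
        if policy_is_public(bucket.get("policy", {})):
            findings.append((bucket["name"], "policy allows any principal"))
        if any(g.get("uri") in PUBLIC_GROUPS for g in bucket.get("acl_grants", [])):
            findings.append((bucket["name"], "ACL grants a public group"))
    for user in inventory["users"]:
        if user.get("console_access") and not user.get("mfa_enabled"):
            findings.append((user["name"], "console login without MFA"))
    return findings

SAMPLE = {  # constructed inventory; layout and names are assumptions
    "buckets": [
        {"name": "marketing-assets", "acl_grants": [], "policy": {"Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::marketing-assets/*"}]}},
        {"name": "hr-records", "policy": {"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::hr-records/*",
             "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]},
         "acl_grants": [{"uri": _GROUP + "AllUsers", "permission": "READ"}]},
    ],
    "users": [
        {"name": "alice", "console_access": True, "mfa_enabled": True},
        {"name": "bob", "console_access": True, "mfa_enabled": False},
        {"name": "ci-deploy", "console_access": False, "mfa_enabled": False},
    ],
}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The service account without console access is not flagged for MFA, and the IP-restricted policy on the second bucket is left for manual review while its public ACL grant is still reported.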
How Responsibility Shifts by Service Type
Not all cloud services are the same. The level of responsibility you hold depends on whether you are using Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). Understanding these differences is vital when planning your cloud services in Michigan.
Infrastructure as a Service (IaaS)
In an IaaS model (like renting a virtual server on AWS or Azure), you bear the most responsibility. The provider gives you the hardware and virtualization layer. You are responsible for maintaining the operating system, patching software, installing antivirus, and managing all data. This requires a robust internal IT team or a partnership with a dedicated provider.
Platform as a Service (PaaS)
PaaS is often used by developers to build applications. Here, the provider manages the hardware and the operating system. Your responsibility focuses on the application you are building and the data it consumes. You do not need to worry about patching the server OS, but you must secure your code.
Software as a Service (SaaS)
SaaS includes common tools like Microsoft 365, Salesforce, or Google Workspace. This model requires the least amount of management from you, but the risks are specific. The provider manages the application, the underlying infrastructure, and the patching. However, you remain entirely responsible for data access and user identities. If an employee uses a weak password and gets hacked, the SaaS provider cannot stop that breach.
Key Security Areas You Must Manage
Regardless of the cloud model you choose, certain security aspects always fall on your shoulders. Neglecting these areas is a primary reason for security incidents.
Identity and Access Management
Passwords are the keys to your cloud kingdom. At CTS, we look at security through six distinct categories, one of which is password policies & procedures. You must enforce strong, unique passwords and, more importantly, Multi-Factor Authentication (MFA). Without MFA, a single stolen credential can compromise your entire cloud environment.
Data Backup and Recovery
There is a widespread myth that data in the cloud is automatically backed up. This is false. Microsoft and Google ensure availability—meaning the service is up and running. They do not guarantee data recovery if you accidentally delete a file, if a disgruntled employee wipes a drive, or if you are hit by ransomware. You need a third-party solution for true data backup and recovery in Michigan. Whether on-site, off-site, or a mix, you must have a plan to restore your data independent of the cloud provider’s uptime guarantee.
Endpoint Security and Antimalware
The cloud is accessed through devices. If a laptop is infected with malware, it can transmit that infection to your cloud files. You are responsible for maintaining antimalware on all devices and managing web filtering to prevent employees from visiting malicious sites. This is a critical component of comprehensive cybersecurity in Michigan.
The CTS Approach to Cloud Security
Navigating these responsibilities can be overwhelming for business owners who just want their technology to work. Since 1980, CTS Companies has remained committed to helping you figure out which technology you need to solve business problems in a simple, reliable way. We do not force you into a single type of partnership; we deliver across a spectrum.
A Layered Defense Strategy
We view security not as a single software installation, but through the lens of six distinct categories:
- Physical Security: Ensuring onsite assets are safe.
- Password Policies & Procedures: Managing access controls.
- Other Policies & Procedures: Establishing clear rules for data handling.
- Antimalware: Protecting against viruses and ransomware.
- Remote Access: Securing how your team connects from outside the office.
- Web Filtering: Blocking threats before they reach the browser.
This holistic view ensures that while the cloud provider does their part, we help you execute yours. Whether you need assistance with specific IT infrastructure in Detroit or full management of your environment, we ensure no gaps exist in the shared responsibility model.
Support When You Need It
Even with the best defenses, questions and issues arise. Managing cloud security permissions and troubleshooting access requires expertise. We offer a mix of help desk solutions in Michigan, including full on-site members, bulk rates, and reactive support. You choose the option that best suits your business, ensuring you have the support required to maintain a secure environment.
Conclusion: It Is a Partnership
So, who is responsible for security in the cloud? The answer is both the provider and you. The provider secures the facility and the hardware, but you must secure your data, your identities, and your devices. Failing to uphold your end of the shared responsibility model puts your business at significant risk.
You do not have to manage this alone. With CTS Cloud Services, the heavy lifting is taken care of for you. We act as the bridge, ensuring your responsibilities are met with professional-grade security measures, backups, and monitoring. On your end, your business receives a service that just works, and works well.
If you are unsure about your current cloud security posture or need a reliable partner to manage your IT needs, contact us today. Let CTS help you secure your business with the same reliability we have provided for over four decades.