YouTube: cloud security in 8 minutes

Mad Hat, a YouTube channel run by a cloud security engineer, published a short explainer on May 16, 2026, under the video ID linked for this story. Search results for that URL show the public title as “your AI is only as secure as your weakest cloud config,” not the preliminary title supplied in the card brief, and describe the video as a cloud-security primer for a broad audience. (youtube.com) (aws.amazon.com) The video’s framing tracks closely with the way major cloud providers and government guidance describe baseline cloud security duties. AWS defines the model as “security of the cloud” for the provider and “security in the cloud” for the customer, while Microsoft says organizations still need to understand which tasks the provider handles and which tasks they handle. (cisa.gov) ### Why does the responsibility split still come first? AWS says the shared-responsibility model is the basic dividing line for cloud security, with AWS responsible for the infrastructure that runs cloud services and customers responsible for configuration choices tied to the services they use. (youtube.com) Microsoft’s Azure documentation makes the same point, saying the division of responsibility changes depending on the service model. Google Cloud says the model can be difficult in practice because every service has a different configuration profile and customers still need to determine the best security configuration. Google adds that the model “stops short” of helping customers achieve better outcomes on its own, which is why it promotes additional blueprints and secured infrastructure code. (aws.amazon.com) ### Why does identity sit at the center of cloud defenses? Microsoft says public cloud systems rely on identity solutions for boundary security because perimeter networks and firewalls are not sufficient for managing access to applications and data. (aws.amazon.com) In a separate Microsoft security guide, the company says identities for people, services and devices are the common denominator across networks, endpoints and applications. Google Cloud says IAM unifies access control for cloud services into a single system, and AWS says IAM is the service for centrally managing users, credentials and permissions across resources. (docs.cloud.google.com) Those descriptions match the video’s emphasis on identity as the practical control plane for cloud access. ### What does “protect the data” mean in concrete terms? Microsoft says encryption should cover data at rest and data in flight, with key management handled through services such as Azure Key Vault. Google says it encrypts customer content at rest by default and documents encryption in transit across its networks and services. (learn.microsoft.com) AWS says encryption is an additional access control that should complement identity, resource and network controls, and its guidance says customers can use AWS Key Management Service and service-level encryption features to protect stored and moving data. (docs.cloud.google.com) ### Why are misconfigurations still treated as the main risk? Google Cloud says shared responsibility is hard partly because each service exposes different configuration options. AWS says customer responsibility depends on the services selected, which determines how much configuration work the customer must perform. (learn.microsoft.com) CISA and the National Security Agency said in a March 7, 2024 alert that they released five cloud-security information sheets with recommended mitigations for cloud environments, while CISA’s broader cloud guidance includes secure configuration baselines and implementation guidance for federal tenants. (docs.aws.amazon.com) ### What does continuous visibility look like after the basics? CISA says its Continuous Diagnostics and Mitigation cloud work is aimed at giving agencies continuous monitoring tools to understand cloud environments. AWS says IAM audits should systematically review users, roles, groups and policies and can be paired with Security Hub cloud security posture management. (docs.cloud.google.com) CISA’s Cloud Security Technical Reference Architecture lays out recommended approaches to cloud migration and data protection and specifically references cloud security posture management in that architecture. For teams moving from short explainers to operating models, that document is one of the named next references now available from the agency. (cisa.gov 1) (cisa.gov 2) (cisa.gov 3)