In a cloud service provider setup, under the shared responsibility model, which action should the company take to fulfill its responsibilities?

Under the shared responsibility model, the cloud provider secures the infrastructure and platform, but you are responsible for securing what you build and store in the cloud. Implementing secure coding practices reduces the introduction of vulnerabilities into your applications, while encrypting sensitive data protects it even if other controls are bypassed or compromised. This combination directly fulfills the security duties you own for your software and data, extending protection beyond what the provider offers. Relying solely on the provider’s controls ignores your need to secure your code and data. Automated scanners are helpful but not a complete solution on their own; they don’t cover secure design, configuration, or broader data protection strategies. Ignoring data at rest encryption leaves sensitive information exposed. So, putting secure coding practices in place and encrypting sensitive data best aligns with your responsibilities.