At the heart of public cloud security is a shared responsibility between the cloud vendor and the organization. Forrester calls this “the uneven handshake,” where the cloud service provider is only responsible for securing the data center, infrastructure, and hypervisor, while the end user organization is responsible for the operating system, applications, users, and data. This paper follows “The Cloud Manager’s Balancing Act,” which describes the need for cloud managers to balance developer time-to-value with security risk and costs.