Successfully and securely navigating your journey to cloud platforms requires a firm grasp of the Shared Responsibility Model. As we explore both public and community clouds, we’ll review the zones of control relating to different cloud models. These zones influence which NIST security controls are delegated to the cloud providers and which remain the responsibility of the consuming department. Fortunately, there are parallels to more traditional models with which government has significant experience: Contractor Owned, Government Operated (COGO) and Contractor Owned, Contractor Operated (COCO) IT services. By tapping into institutional knowledge and leveraging programs like FedRAMP, agencies can safely accelerate their cloud adoption in support of their missions while unlocking the flexibility and potential for innovation that cloud computing brings.