Under the AWS shared responsibility model, AWS is responsible for the security "of" the cloud, which includes the physical infrastructure, networking, and hypervisor layer. The customer, however, is responsible for security "in" the cloud, which includes managing the security of their data, patching and maintaining their guest operating system and applications, and managing identity and access. The responsibilities of shredding disk drives, preventing packet capture at the hypervisor level, and physical monitoring are handled by AWS as part of its responsibility for security "of" the cloud.