AZ-900: Describe the Shared Responsibility Model

In cloud computing, the shared responsibility model defines the division of security and management tasks between the cloud provider and the customer. The level of responsibility varies depending on the type of cloud service being used: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or Software-as-a-Service (SaaS).

On-Premises Responsibility

When using on-premises infrastructure, organizations take full responsibility for managing all components, including:

  • Physical hardware: The company purchases, maintains, and upgrades all servers and networking devices.
  • Buying operating systems: Organizations procure, install, and manage the necessary operating systems.
  • Maintaining operating systems: Updates, patches, and security configurations must be handled by internal IT teams.
  • Database server software: Companies install and manage database software on their infrastructure.
  • Applications other than the operating system: Internal teams are responsible for the deployment and management of applications.
  • Information and data security: Organizations secure their data and implement access controls.
  • Devices such as mobile and PCs: User devices must be secured and managed internally.
  • Accounts and identity management: The organization must enforce user authentication and identity protection policies.

Infrastructure-as-a-Service (IaaS)

With IaaS, the cloud provider takes responsibility for managing physical infrastructure, while the customer maintains control over the software and data aspects:

  • Cloud provider:
    • Manages physical hardware, network infrastructure, and data center security.
  • Customer:
    • Maintains and updates operating systems such as Windows or Linux.
    • Installs and manages database server software.
    • Deploys and maintains applications beyond the operating system.
    • Ensures the security of their data, user accounts, and devices.

Platform-as-a-Service (PaaS)

With PaaS, the cloud provider handles more management tasks, leaving fewer responsibilities for the customer:

  • Cloud provider:
    • Manages physical hardware, networking, operating system updates, and database services.
  • Customer:
    • Deploys and maintains applications.
    • Manages data security and access control.
    • Secures user devices and accounts.

PaaS solutions simplify application development by abstracting away infrastructure concerns.

Software-as-a-Service (SaaS)

With SaaS, most management responsibilities are handled by the cloud provider, allowing customers to focus on using the service rather than maintaining infrastructure:

  • Cloud provider:
    • Manages everything from hardware and networking to operating systems, databases, and applications.
  • Customer:
    • Manages information security, user devices, and identity and access management.

Summary

The shared responsibility model ensures that both the cloud provider and the customer contribute to security and management. Customers must understand their role in securing their workloads, applications, and data, while cloud providers ensure the reliability of the infrastructure. The level of responsibility varies based on the cloud service model chosen.
