The Shared-Responsibility Model
When evaluating public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.
In this lecture, you’re introduced to The Shared Responsibility Model, which is essential to understand when evaluating public cloud services. It’s crucial for you to know which security tasks are managed by the cloud provider and which are your responsibility.
The level of responsibility you have varies depending on the service model you’re using: software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS). Additionally, if the workload is hosted in an on-premises data center, this changes the scope of your responsibilities.
When operations are hosted on-premises, you are responsible for the entire stack. But as you move to the cloud, some of those responsibilities are transferred to the cloud provider, in this case, Microsoft Azure.
A graphic that you might see on your screen during the lecture will show that the responsibility is split between you and Microsoft, and this split depends on the type of cloud service you’re deploying.
It’s important for you to remember that no matter what cloud service model you choose, certain responsibilities will always be yours. This includes data and identities, the security of your accounts, and the management of your data. You are also responsible for any on-premises resources and the aspects of the cloud that you control, which varies by the service model you deploy.
The key takeaway from this lecture is to understand that on-premises data centers require you to maintain everything. Moving to IaaS means you still have to manage a significant portion, but less so than on-premises. With PaaS, your responsibilities are more shared with the cloud provider. And with SaaS, apart from your data, devices, and identities, the cloud provider manages virtually all other aspects.