Random Musings

Sporadic thoughts on tech, economics, business, finance and trading

Shared Responsibility Model


The shared responsibility model defines the division of security and operational responsibilities between the cloud provider and the customer, depending on the deployment model:


1. On-Premises

  • Customer Responsibility: Everything (physical infrastructure, hardware, networking, OS, applications, data, security).
  • Example: A private data center requires you to manage physical servers, firewalls, operating systems, and software patches.

2. Infrastructure as a Service (IaaS)

  • Cloud Provider Responsibility: Physical data center, networking, servers, virtualization.
  • Customer Responsibility: Operating system, applications, data, security configurations.
  • IaaS provides the essential technology services: computing, storage, and networking.
  • Computing – Azure Virtual Machines. Microsoft secures the hardware and hypervisor, but you manage the OS and installed software.
  • Storage – Azure Storage
  • Networking – Virtual Networking. Virtual Networks don’t cost anything. There are ingress and egress bandwidth costs.
  • These services generally have “real world” equivalents in your own data center; they are cloud replacements for real-world things.

3. Platform as a Service (PaaS)

  • Cloud Provider Responsibility: Everything in IaaS + operating system and runtime.
  • Customer Responsibility: Applications and data.
  • Example: Azure App Service. Microsoft manages the OS and platform; you focus on app code and data security.
  • Cloud service providers have an opportunity to provide more than just the “basic” infrastructure
  • PaaS includes a service layer on top of IaaS — computing, storage and networking
  • Middleware, development tools, database server, and more
  • Azure Functions are considered Platform as a Service (PaaS). They provide a serverless compute environment where you can execute code in response to events without worrying about managing infrastructure. While the underlying infrastructure is abstracted and managed by Microsoft, the responsibility for deploying, configuring, and scaling your applications remains with you, which aligns with PaaS characteristics.
  • Examples of use cases include event-driven workloads like processing data streams, managing HTTP requests, or running scheduled tasks.
  • PaaS Storage – Managed Storage is an example of this; Azure SQL Database is another example
  • PaaS Networking – Azure Front Door is an example of this; or Load Balancer; or Firewall
  • These are software applications that perform networking tasks

4. Software as a Service (SaaS)

  • Cloud Provider Responsibility: Entire stack, including applications.
  • Customer Responsibility: Data, identity management, and user access.
  • Example: Microsoft 365. Microsoft handles app updates and security; you manage user permissions and data protection.
  • Cloud apps – Tools such as Office 365, OneDrive, Skype
  • The app is ready to be used and you simply need to set it up and use it

Summary Table

Responsibility          | On-Premises | IaaS           | PaaS           | SaaS
Physical Infrastructure | Customer    | Cloud Provider | Cloud Provider | Cloud Provider
OS & Runtime            | Customer    | Customer       | Cloud Provider | Cloud Provider
Applications & Data     | Customer    | Customer       | Customer       | Customer

Understanding this model helps you secure your resources and meet your responsibilities under the chosen deployment model.