Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Understanding the shared responsibility model

  1. Home
  3. Understanding the shared responsibility model

Go back to Tutorial

In this tutorial, we will learn and understand the shared responsibility model and its types.

Shared responsibility model: Overview

Which security duties are performed by the cloud provider and which security tasks are done by you, the client, is determined by the shared responsibility model. Organizations that use purely on-premises technology and software, on the other hand, are solely responsible for ensuring security and compliance. When it comes to cloud services, the consumer and the cloud provider share responsibilities.

Further, the responsibilities vary depending on where the workload is hosted:

  • Firstly, Software as a Service (SaaS)
  • Secondly, Platform as a Service (PaaS)
  • Thirdly, Infrastructure as a Service (IaaS)
  • Lastly, the On-premises datacenter (On-prem)

The below diagram explains the areas of responsibility between the customer and the cloud provider as to where the data holding.

The Shared responsibility model responsibilities by type
Image Source: Microsoft
Practice tests

Shared responsibility model: Type

1. On-premises datacenters
  • In an on-premises datacenter, you have responsibility for everything from physical security to encrypting sensitive data.
2. Infrastructure as a Service (IaaS)
  • IaaS, more than any other cloud service, necessitates the greatest management on the part of the cloud customer. With IaaS, on the other hand, you’re utilising the computational infrastructure of the cloud provider.
  • The cloud customer isn’t responsible for the physical components, such as computers and the network. Further, the cloud customer still has responsibility for software components such as operating systems, network controls, applications, and protecting data.
3. Platform as a Service (PaaS)
  • PaaS is a cloud-based platform for developing, testing, and deploying software applications. The purpose of PaaS, on the other hand, is to quickly create an application without having to worry about the underlying infrastructure.
  • Further, with PaaS, the cloud provider manages the hardware and operating systems, and the customer is responsible for applications and data.
4. Software as a Service (SaaS)
  • The cloud provider hosts and manages SaaS for the customer. SaaS software includes Microsoft 365, Skype, and Dynamics CRM Online. The cloud client has to handle the least quantity of SaaS.
  • Further, for all cloud deployment types you, the cloud customer, own your data and identities. You’re in charge of ensuring the safety of your data, identities, and on-premises resources.
sc-900 online course

Reference: Microsoft Documentation

Go back to the Tutorial

Menu