AZ-900 Azure Fundamentals - shared responsibility model

As organizations increasingly migrate their IT infrastructure and services to the cloud, it is essential to understand the shared responsibility model. Cloud service providers offer a secure and scalable environment, but security and compliance are a shared responsibility between the provider and the customer. In this blog post, we will explore the shared responsibility model in cloud computing, emphasizing the crucial role it plays in maintaining a robust security posture and ensuring compliance.

Understanding the Shared Responsibility Model

The shared responsibility model defines the security responsibilities of both the cloud service provider (CSP) and the customer. It establishes a clear demarcation of security controls and obligations, helping organizations understand their role in securing their cloud-based assets.

Key Elements of the Shared Responsibility Model:

  • Infrastructure Security: The CSP is responsible for securing the underlying cloud infrastructure, including the physical data centers, network architecture, and virtualization layer. This includes aspects such as power supply, cooling, server maintenance, and network security measures.

  • Data Security: While the CSP ensures the security of the infrastructure, the customer is responsible for securing their data and applications within the cloud. This involves implementing access controls, encryption, and appropriate security measures to protect sensitive information.

  • Compliance: Both the CSP and the customer share responsibility for compliance with industry regulations and data protection standards. The CSP ensures that its infrastructure adheres to relevant certifications and compliance frameworks, while the customer must implement necessary controls and processes to meet their specific compliance requirements.

CSP Responsibilities

Cloud service providers assume significant responsibilities to safeguard the infrastructure and provide a secure environment. These typically include:

  • Physical Security: CSPs implement stringent physical security measures to protect their data centers, including access controls, video surveillance, and perimeter security.

  • Network Security: CSPs employ robust network security mechanisms, such as firewalls, intrusion detection systems, and distributed denial-of-service (DDoS) protection, to defend against external threats.

  • Platform Security: CSPs manage and secure the cloud platform, including virtualization, operating systems, and the underlying infrastructure. They ensure patch management, vulnerability scanning, and secure configuration of the platform.

  • Incident Response: CSPs have incident response protocols in place to detect and respond to security incidents, mitigate risks, and ensure timely communication with customers.

Customer Responsibilities

Customers play a vital role in securing their data and applications within the cloud environment. These responsibilities typically include:

  • Identity and Access Management: Customers are responsible for managing user access, permissions, and authentication mechanisms to ensure appropriate access controls and prevent unauthorized access.

  • Data Protection: Customers are accountable for securing their data within the cloud. This includes implementing encryption, backups, and data loss prevention measures to safeguard against unauthorized access or data breaches.

  • Application Security: Customers must secure their applications, including code-level security, secure configurations, and vulnerability management, to prevent application-level attacks.

  • Compliance and Governance: Customers need to ensure compliance with applicable regulations, industry standards, and data protection laws, including managing data privacy, data residency, and data retention requirements.

Shared Responsibility Model in Azure

Within Azure the level of responsibility Microsoft shares differs depending on the type of resource being deployed. As such the boundaries of responsibily general lay as follows.

Source : https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

In Private Cloud or on-premises environments the customer is responsible for all aspects of security and maintenance. Moving to Infrastructure as a Service (IaaS) resources (e.g. Virtual Machines), Microsoft takes on the security of the physical hardware, protecting the datacenters, network and physical machines. All other responsibilities within the environment still lay with the customer. Platform as a Service (PaaS) resources (e.g. WebApps, Azure SQL), on top of their other obligations, the Azure team look after the patching and security of the Operating Systems (OS), whilst sharing some of the duty of protection within network and application controls. Finally, Software as a Service (SaaS) resources, the customer has the least amount of responsibility, but are still required to protect and manage user and device access, along with data protection. All other security processes and requirements are the duty of Azure.

The shared responsibility model is a fundamental concept in cloud computing, outlining the division of security responsibilities between the cloud service provider and the customer. By understanding their respective roles, organizations can establish robust security postures, ensure compliance with regulations, and protect their data and applications effectively. Embracing the shared responsibility model empowers businesses to leverage the benefits of cloud computing while maintaining a secure and compliant cloud environment. Collaboration and active participation from both parties are key to establishing a strong partnership and achieving optimal security and compliance in the cloud.

Additional Information

Video

Previous
Previous

Investigating Deployment Patterns

Next
Next

AZ900 - Azure Fundamentals - Economies of Scale