1.1.3 The Shared Responsibility Model
Detail on what the Shared Responsibility Model is.
Last updated
Detail on what the Shared Responsibility Model is.
Last updated
In traditional setup, the company is responsible for maintaining the physical space, ensuring security and maintaining/replacing servers. The IT department would be responsible for maintaining all infrastructure and software as well as system patching.
In shared responsibility, the cloud provider is responsible for physical security, power, cooling and network connectivity whilst the consumer is responsible for data and information stored in the cloud as well as access security.
The responsibility split is heavily dependent on the cloud service type in use: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service). IaaS places most of the responsibility on the consumer, SaaS places most of the responsibility on the provider and PaaS is a middle ground. See diagram:
In the cloud, you are always responsible for:
Information and data stored in the cloud.
Devices allowed to connect to your cloud.
Accounts and identities of the people, services and devices in your organization.
The provider is always responsible for:
Physical datacenter.
Physical network.
Physical hosts.
The service model determines responsibility for:
Operating Systems.
Network controls.
Identity and infrastructure.