Shared Responsibility Model
Last updated
The Azure Shared Responsibility Model outlines the division of security and compliance responsibilities between Microsoft (Azure) and the customer when using Azure cloud services. It helps both parties understand their roles in securing applications, data, and systems in the cloud.
The model is primarily divided into two key areas:
Microsoft’s Responsibility (Azure’s Responsibility) – Security of the Cloud
Customer’s Responsibility – Security in the Cloud
Microsoft is responsible for securing the underlying infrastructure of Azure. This includes the hardware, physical datacenters, networking, and foundational services that support the cloud environment. Some examples of Microsoft’s responsibilities are:
Physical security of data centers (e.g., access control to the physical servers).
Network security (e.g., securing the connectivity between Azure regions and data centers).
Compute infrastructure (e.g., security of physical servers, virtualization).
Storage infrastructure (e.g., managing secure storage facilities).
Platform-level services, such as Azure Compute, networking, and storage management.
Patching and maintenance of physical hardware and foundational software (e.g., hypervisors, physical servers).
Operating the identity platform itself (Microsoft Entra ID, formerly Azure Active Directory) as a service, though customers remain responsible for configuring their own users, groups, roles, and permissions within it.
Customers are responsible for securing everything they deploy and manage on top of the Azure infrastructure. How much of the stack that covers depends on the service model: with IaaS (for example, virtual machines) the customer also owns the guest operating system, runtime, and everything above it; with PaaS Microsoft operates the OS and runtime and the customer secures the application code, its configuration, identities, and data; with SaaS the customer's responsibility narrows to identities, access, and the data placed in the service. Data, endpoints, accounts, and access decisions remain the customer's responsibility in every model. Some examples of the customer's responsibilities include:
Identity and Access Management (IAM): Managing who can access Azure resources (e.g., Microsoft Entra ID, formerly Azure Active Directory; user authentication and MFA; Azure role-based access control).
Data Protection: Encrypting data at rest and in transit, setting data retention policies, backup, and recovery strategies.
Operating System: Managing, securing, and patching the operating systems of virtual machines (VMs) you deploy (for example, managing Windows Server or Linux VMs).
Applications: Securing the software or applications you build or deploy on Azure. This includes code security, vulnerability management, and patching.
Networking: Configuring virtual networks, subnets, network security groups and firewalls, and VPN or private connectivity to protect your traffic and workloads (e.g., not exposing management ports such as SSH or RDP to the Internet).
Monitoring and Logging: Enabling and managing monitoring, logging, and auditing to track user activities, detect potential threats, and maintain compliance.
Compliance: Ensuring your workloads and applications meet legal, regulatory, and organizational compliance requirements.
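To make the "security in the cloud" side of the line concrete, here is a small audit script added as an example; it is not code from the original page or from Microsoft. It walks a hand-constructed list of resource definitions shaped like the JSON returned by ARM or the `az` CLI (network security group rules and storage account properties) and flags two customer-owned misconfigurations: management ports (SSH, RDP) allowed inbound from any source, and storage accounts that still accept plaintext HTTP or TLS below 1.2. The sample resources, the field names, and the `ADMIN_PORTS` / `ANY_SOURCE` lists are assumptions for the illustration; verify the property names against your own exports.

```python
"""Audit constructed Azure resource definitions for customer-side controls.

Added illustration, not code from the original page or from Microsoft.
SAMPLE_RESOURCES is constructed by hand to resemble ARM / az-cli JSON; the
field names are an assumption to check against real exports.
"""
import json

# Constructed sample: one NSG with three inbound rules and two storage accounts.
SAMPLE_RESOURCES = json.loads("""
[
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
   "properties": {"securityRules": [
     {"name": "allow-ssh-any", "properties": {"direction": "Inbound", "access": "Allow",
       "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
     {"name": "allow-https-any", "properties": {"direction": "Inbound", "access": "Allow",
       "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"}},
     {"name": "allow-rdp-office", "properties": {"direction": "Inbound", "access": "Allow",
       "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"}}
   ]}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "legacylogs",
   "properties": {"supportsHttpsTrafficOnly": false, "minimumTlsVersion": "TLS1_0"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "hardenedlogs",
   "properties": {"supportsHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2"}}
]
""")

# Management ports that should never be reachable from an unrestricted source.
ADMIN_PORTS = ("22", "3389")
# Source prefixes that mean "anyone": wildcard, the Internet service tag, or 0.0.0.0/0.
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0", "0.0.0.0"}


def _port_match(port_range, port):
    """True if `port` falls inside an NSG destinationPortRange ("22", "20-25" or "*")."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-", 1)
        return int(lo) <= int(port) <= int(hi)
    return port_range == port


def audit_nsg(nsg):
    """Flag inbound Allow rules that expose an admin port to any source."""
    findings = []
    for rule in nsg["properties"].get("securityRules", []):
        p = rule["properties"]
        if p.get("direction") != "Inbound" or p.get("access") != "Allow":
            continue
        if p.get("sourceAddressPrefix") not in ANY_SOURCE:
            continue
        for port in ADMIN_PORTS:
            if _port_match(p.get("destinationPortRange", ""), port):
                findings.append(f"{nsg['name']}/{rule['name']}: port {port} open to any source")
    return findings


def audit_storage(acct):
    """Flag storage accounts that allow plaintext HTTP or TLS older than 1.2."""
    findings = []
    p = acct["properties"]
    if not p.get("supportsHttpsTrafficOnly", False):
        findings.append(f"{acct['name']}: plaintext HTTP allowed (supportsHttpsTrafficOnly=false)")
    tls = p.get("minimumTlsVersion", "unset")
    if tls != "TLS1_2":
        findings.append(f"{acct['name']}: minimumTlsVersion is {tls}, expected TLS1_2")
    return findings


# Resource type -> check function; types without a check are skipped.
AUDITS = {
    "Microsoft.Network/networkSecurityGroups": audit_nsg,
    "Microsoft.Storage/storageAccounts": audit_storage,
}


def audit(resources):
    """Return all customer-side findings across a list of resource definitions."""
    findings = []
    for res in resources:
        check = AUDITS.get(res.get("type"))
        if check:
            findings.extend(check(res))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_RESOURCES):
        print(line)
```

On the sample, the script reports the SSH rule open to `*` and both weaknesses on `legacylogs`, while the HTTPS rule, the office-restricted RDP rule, and `hardenedlogs` pass. Nothing here is something Microsoft would fix for you: the NSG rules and storage transport settings sit squarely on the customer's side of the model, which is the point the lists above make.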