You may have already heard of the shared responsibility model, but you might not understand what it means or how it impacts cloud computing.

🏢 Let’s start with a traditional data center

In a typical enterprise data center:

• The company is responsible for maintaining the physical space, security, and replacing servers when issues occur.
• The IT department manages all the infrastructure and software required for the data center to function properly.
• It is also responsible for updating systems and ensuring compliance with required versions.

☁️ In the cloud, responsibilities are shared

With the shared responsibility model, responsibilities are divided between the cloud service provider and the consumer:

• The cloud provider is responsible for:
  • Physical security
  • Power supply
  • Cooling
  • Network connectivity

Since the consumer is not physically present in the data center, they do not have to manage these aspects.

🔐 Consumer responsibilities

The consumer is responsible for:

• Securing the data stored in the cloud (the provider should not be able to read your information)
• Managing access (restricting access to authorized individuals)

⚖️ Responsibilities vary depending on context

Some responsibilities depend on the situation:

• If you use a managed SQL database in the cloud, the provider is responsible for the database infrastructure, but you remain responsible for the data it contains.
• If you deploy a virtual machine and install a SQL database on it, you are responsible for:
  • Updating and patching the database
  • Managing the data

🧭 Comparison with an on-premises data center

In an on-premises data center, you are responsible for everything.
In the cloud, responsibilities are distributed based on the type of service used:

• IaaS (Infrastructure as a Service): The consumer has the most responsibilities.
• PaaS (Platform as a Service): Responsibilities are shared.
• SaaS (Software as a Service): The cloud provider assumes most responsibilities.

📊 A diagram accompanies this unit to illustrate who is responsible for what depending on the type of cloud service.

Describe the Shared Responsibility Model

When you use a cloud service provider, you are always responsible for:

• The information and data stored in the cloud
• The devices authorized to connect to your cloud (mobile phones, computers, etc.)
• The accounts and identities of people, services, and devices within your organization

The cloud provider is always responsible for:

• The physical data center
• The physical network
• The physical hosts

Your service model will determine responsibility for elements such as:

• Operating systems
• Network controls
• Applications
• Identity and infrastructure

➡️ Next unit: Define cloud models