Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Azure Security

You're reading from   Mastering Azure Security Keeping your Microsoft Azure workloads safe

Arrow left icon
Product type Paperback
Published in Apr 2022
Publisher Packt
ISBN-13 9781803238555
Length 320 pages
Edition 2nd Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Mustafa Toroman Mustafa Toroman
Author Profile Icon Mustafa Toroman
Mustafa Toroman
Tom Janetscheck Tom Janetscheck
Author Profile Icon Tom Janetscheck
Tom Janetscheck
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Section 1: Identity and Governance
2. Chapter 1: An Introduction to Azure Security FREE CHAPTER 3. Chapter 2: Governance and Security 4. Chapter 3: Managing Cloud Identities 5. Section 2: Cloud Infrastructure Security
6. Chapter 4: Azure Network Security 7. Chapter 5: Azure Key Vault 8. Chapter 6: Data Security 9. Section 3: Security Management
10. Chapter 7: Microsoft Defender for Cloud 11. Chapter 8: Microsoft Sentinel 12. Chapter 9: Security Best Practices 13. Assessments 14. Other Books You May Enjoy

Exploring the shared responsibility model

While Microsoft Azure is very secure, the responsibility for building a secure environment doesn't rest with Microsoft alone. Its shared responsibility model divides responsibility between Microsoft and its customers.

Before we can discuss which party looks after which aspect of security, we need to first discuss cloud service models. There are three basic models:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

These models differ in terms of what is controlled by Microsoft and the customer. A general breakdown can be seen in the following diagram:

Figure 1.1 – Basic cloud service models

Figure 1.1 – Basic cloud service models

Let's look at these services in a little more detail.

On-premises

In an on-premises environment, we, as users, take care of everything: the network, physical servers, storage, and so on. We need to set up virtualization stacks (if used), configure and maintain servers, install and maintain software, manage databases, and so on. Most importantly, all aspects of security are our responsibility: physical security, network security, host and OS security, and application security for all application software running on our servers.

IaaS

With IaaS, Microsoft takes over some of the responsibilities. We only take care of data, runtime, applications, and some aspects of security, which we'll discuss a little later on.

An example of an IaaS product in Microsoft Azure is Azure Virtual Machines (VM).

PaaS

PaaS gives Microsoft even more responsibility. We only take care of our applications. However, this still means looking after a part of the security. Some examples of PaaS in Microsoft Azure are Azure SQL Database and web apps.

SaaS

SaaS gives a large amount of control away, and we manage very little, including some aspects of security. In Microsoft's ecosystem, a popular example of SaaS is Office 365; however, we will not discuss this in this book.

Now that we have a basic understanding of shared responsibility, let's understand how responsibility for security is allocated.

Division of security in the shared responsibility model

The shared responsibility model divides security into three zones:

  • Always controlled by the customer
  • Always controlled by Microsoft
  • Varies by service type

Irrespective of the cloud service model, customers will always retain the following security responsibilities:

  • Data governance and rights management
  • Endpoint protection
  • Account and access management

Similarly, Microsoft always handles the following, in terms of security, for any of its cloud service models:

  • Physical data center
  • Physical network
  • Physical hosts

Finally, there are a few security responsibilities that are allocated based on the cloud service model:

  • Identity and directory infrastructure
  • Applications
  • Network
  • Operating system

The distribution of responsibility, based on different cloud service models, is shown in the following diagram:

Figure 1.2 – The distribution of responsibility between the customer and service provider for different cloud service models (image courtesy of Microsoft, License: MIT)

Figure 1.2 – The distribution of responsibility between the customer and service provider for different cloud service models (image courtesy of Microsoft, License: MIT)

Now that we know how security is divided, let's move on to one specific aspect of it: the physical security that Microsoft manages. This section is important as we won't discuss it in much detail in the chapters to come.

You have been reading a chapter from
Mastering Azure Security - Second Edition
Published in: Apr 2022
Publisher: Packt
ISBN-13: 9781803238555
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime