Understanding segregation of responsibility in different Azure cloud models
Segregation of responsibility is an important concept in cloud computing, particularly in environments where multiple teams or individuals have access to shared resources. Understanding how segregation of responsibility works in different Azure cloud models can help ensure that your organization’s data and resources are protected and managed effectively.
There are three different deployment patterns that are available in Azure:
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
What differentiates these three deployment patterns is the level of control customers have over their resources in Azure.
IaaS
IaaS is a type of deployment model that allows customers to provision their own infrastructure on Azure. Azure provides several infrastructure resources and customers can provision them on demand. Customers are responsible for maintaining and governing their own infrastructure, while Azure takes care of the maintenance of the physical infrastructure on which the virtual infrastructure resources are hosted. This approach requires customers to actively manage and operate within the Azure environment.
PaaS
PaaS eliminates the need for customers to handle infrastructure deployment and control, offering a higher-level abstraction compared to IaaS. In this approach, customers bring their own application, code, and data, and deploy them on the platform provided by Azure. These platforms are managed and governed by Azure, while customers retain sole responsibility for their applications. Since Azure manages the underlying infrastructure, customers can focus solely on activities related to their application deployment. This model makes application deployment faster and simpler than with IaaS.
SaaS
SaaS represents a higher-level abstraction in comparison to PaaS. In this approach, customers have access to software and its associated services for their consumption. The services are fully managed by the provider. Customers only need to bring their data into the SaaS environment; they have no control over the underlying infrastructure or services.
Figure 1.1 illustrates the areas of responsibility between customers and Microsoft, spanning SaaS, PaaS, IaaS, and on-premises.
Figure 1.1: Segregation of responsibilities
Regardless of the deployment type or cloud model, you retain ownership of your data and identities. It is your responsibility to protect the security of your data, identities, on-premises resources, and the components within your control in the cloud.
The following responsibilities are always retained by you regardless of deployment type:
- Information and data
- Devices (mobile and PCs)
- Accounts and identities
Understanding the segregation of responsibility across different Azure cloud models is crucial for ensuring the security and integrity of your organization’s data and resources. With the robust security and compliance features of Azure and the implementation of best practices for managing and securing your Azure environments, organizations can effectively protect and manage their data and applications.
In the next section, we will provide guidance on how to get started with Azure.