- Cloud security is a shared responsibility of both cloud providers and customers.
- Azure has many security certifications from outside auditors.
- Physical security
- Handled by Microsoft
- Walls, cameras, gates, security personnel
- Strict procedures for employees
- Digital security
- Handled by customer + Microsoft
- Azure has tools to mitigate security threats, consumer is responsible to use the tools.
- E.g. role-based access control, multi factor authentication, encryption, monitoring tools such as login failures, suspicious locations, DDoS protection, real-time telemetry & firewalls.
- ❗ You always retain responsibility for: Data, Endpoints, Accounts, Access management (identities)
- 📝 From maximum effort to your side to minimum: IaaS, PaaS, SaaS
| Responsibility | On-prem | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Data governance & rights management | 🤪 | 🤪 | 🤪 | 🤪 |
| Client endpoints | 🤪 | 🤪 | 🤪 | 🤪 |
| Account & access management | 🤪 | 🤪 | 🤪 | 🤪 |
| Identity & directory infrastructure | 🤪 | 🤪 | ☁️🤪 | ☁️🤪 |
| Application | 🤪 | 🤪 | ☁️🤪 | ☁️ |
| Network controls | 🤪 | 🤪 | ☁️🤪 | ☁️ |
| Operating system | 🤪 | 🤪 | ☁️ | ☁️ |
| Physical host | 🤪 | ☁️ | ☁️ | ☁️ |
| Physical network | 🤪 | ☁️ | ☁️ | ☁️ |
| Physical datacenter | 🤪 | ☁️ | ☁️ | ☁️ |
- Cloud provider: ☁️
- Customer: 🤪